CVE Daily
← All tags

Tag: Microsoft Windows

All CVEs associated with "Microsoft Windows". Page 73/121 • 14518 CVEs.

Subscribe CVEs: RSS for “Microsoft Windows”  ·  RSS (High+Critical only)

About “Microsoft Windows”

A curated feed of “Microsoft Windows”-related CVEs appears below. We currently track 14518 CVEs for this tag (all time). In the last 365 days, 1678 were published. Average CVSS is 7.3 (all time; 7.2 over 365d), and 66% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-416 - Use After Free, CWE-122 - Heap-based Buffer Overflow, CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition').

In our taxonomy this topic maps to a MODERATE impact class. Issues here typically affect operating system packages or kernels. Plan reboots or service restarts and coordinate rollouts across fleets. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.

CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).

CVSS ≥ 0.0
2018-02-15
High

CVE-2018-0842

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0840

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0839

Microsoft Edge in Microsoft Windows 10 1703 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-0838

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, ak…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0837

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, ak…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0836

Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0835

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, ak…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0834

Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, ak…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0833

The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests…

CVSS: 5.3 CWE: CWE-476 - NULL Pointer Dereference View on NVD
Medium

CVE-2018-0832

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure…

CVSS: 4.7 CWE: CWE-401 - Missing Release of Memory after Effective Lifetime View on NVD
High

CVE-2018-0831

The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are han…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2018-0830

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0829

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 4.7 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-0828

Windows 10 version 1607 and Windows Server 2016 allow an elevation of privilege vulnerability due to how the MultiPoint management account password is stored, aka "Windows Elevation of Privilege Vuln…

CVSS: 7.8 CWE: CWE-522 - Insufficiently Protected Credentials View on NVD
Medium

CVE-2018-0827

Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in me…

CVSS: 5.3 CWE: N/A View on NVD
High

CVE-2018-0826

Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects a…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0825

StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows S…

CVSS: 7.5 CWE: N/A View on NVD
High

CVE-2018-0823

The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "N…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0822

NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windo…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0821

AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonatio…

CVSS: 7.0 CWE: CWE-269 - Improper Privilege Management View on NVD
High

CVE-2018-0820

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2018-0810

The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, and Windows Server 2012 allows an information disclosure vulnerability due to the way memory is initialized, aka "Windows Kernel I…

CVSS: 4.7 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2018-0809

The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows El…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2018-0771

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature By…

CVSS: 4.3 CWE: N/A View on NVD
Low

CVE-2018-0763

Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID i…

CVSS: 3.1 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0761

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0760

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1, Windows Server 2008 R2, and Windows Server 2012 allows information disclosure, due to how the Windows EOT font en…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2018-0757

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 4.7 CWE: N/A View on NVD
High

CVE-2018-0756

The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handle…

CVSS: 7.8 CWE: N/A View on NVD
Medium

CVE-2018-0755

The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft Windows 7 SP1 and Windows Server 2008 R2 allows information disclosure, due to how the Windows EOT font engine handles embedded…

CVSS: 5.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-0742

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 7.8 CWE: N/A View on NVD
2018-02-13
High

CVE-2017-1711

IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicious code from a DLL masquerading as a windows DLL in the temp directory. IBM X-Force ID: 134532.

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2018-02-12
High

CVE-2018-1214

Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows user account named "OMEAdapterUser" with a default password as part of the installation process. This unnecessary user account al…

CVSS: 7.0 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
High

CVE-2016-8742

The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a…

CVSS: 7.8 CWE: CWE-264 View on NVD
2018-02-09
High

CVE-2018-1000041

GNOME librsvg version before commit c6ddf2ed4d768fd88adbea2b63f575cd523022ea contains a Improper input validation vulnerability in rsvg-io.c that can result in the victim's Windows username and NTLM…

CVSS: 8.8 CWE: N/A View on NVD
2018-02-08
High

CVE-2018-0517

Untrusted search path vulnerability in Anshin net security for Windows Version 16.0.1.44 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS: 7.8 CWE: CWE-426 - Untrusted Search Path View on NVD
2018-02-07
Medium

CVE-2017-15392

Insufficient data validation in V8 in Google Chrome prior to 62.0.3202.62 allowed an attacker who can write to the Windows Registry to potentially exploit heap corruption via a crafted Windows Regist…

CVSS: 4.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2017-15387

Insufficient enforcement of Content Security Policy in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to open javascript: URL windows when they should not be allowed to via a…

CVSS: 8.8 CWE: N/A View on NVD
High

CVE-2016-6169

Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (memory corruption and application crash) or potentiall…

CVSS: 7.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2016-6168

Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 and earlier on Windows allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a…

CVSS: 7.8 CWE: CWE-416 - Use After Free View on NVD
2018-02-06
High

CVE-2018-5457

A uncontrolled search path element issue was discovered in Vyaire Medical CareFusion Upgrade Utility used with Windows XP systems, Versions 2.0.2.2 and prior versions. A successful exploit of this vu…

CVSS: 7.0 CWE: CWE-427 - Uncontrolled Search Path Element View on NVD
2018-01-31
High

CVE-2018-6384

Unquoted Windows search path vulnerability in NSClient++ before 0.4.1.73 allows non-privileged local users to execute arbitrary code with elevated privileges on the system via a malicious program.exe…

CVSS: 7.8 CWE: CWE-428 - Unquoted Search Path or Element View on NVD
2018-01-26
High

CVE-2017-14593

Sourcetree for Windows had several argument and command injection bugs in Mercurial and Git repository handling. An attacker with permission to commit to a repository linked in Sourcetree for Windows…

CVSS: 8.8 CWE: CWE-77 - Improper Neutralization of Special Elements used in a Command ('Command Injection') View on NVD
High

CVE-2017-3762

Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a…

CVSS: 7.8 CWE: CWE-798 - Use of Hard-coded Credentials View on NVD
2018-01-24
High

CVE-2018-1000006

GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, 1.6.15 and earlier has a vulnerability in the protocol handler, specifically Electron apps running on Windows 10, 7 or 2008 that…

CVSS: 8.8 CWE: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') View on NVD
2018-01-18
High

CVE-2018-2627

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Installer). Supported versions that are affected are Java SE: 8u152 and 9.0.1. Difficult to exploit vulnerability allows low pr…

CVSS: 7.5 CWE: N/A View on NVD
Low

CVE-2018-2575

Vulnerability in the Core RDBMS component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2, and 12.2.0.1. Difficult to exploit vulnerability allows high privileg…

CVSS: 2.0 CWE: N/A View on NVD
High

CVE-2018-2569

Vulnerability in the Java ME SDK component of Oracle Java Micro Edition (subcomponent: Installer). The supported version that is affected is 8.3. Easily exploitable vulnerability allows unauthenticat…

CVSS: 7.8 CWE: N/A View on NVD
2018-01-16
Medium

CVE-2016-0215

IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, Solaris and Windows allow remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a sub…

CVSS: 6.5 CWE: CWE-20 - Improper Input Validation View on NVD
2018-01-13
Medium

CVE-2018-0486

Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signatures of user attribute data, which allows remote atta…

CVSS: 6.5 CWE: CWE-347 - Improper Verification of Cryptographic Signature View on NVD
2018-01-10
High

CVE-2017-17662

Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 devices allows attackers to read arbitrary files through a sequence of the form '.x./' or '....\x/' where x is a pattern composed…

CVSS: 7.5 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2018-01-08
High

CVE-2018-5279

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
Low

CVE-2018-5278

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 3.3 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5277

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5276

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5275

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5274

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5273

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5272

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5271

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
High

CVE-2018-5270

In Malwarebytes Premium 3.3.1.2183, the driver file (FARFLT.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input value…

CVSS: 7.8 CWE: CWE-20 - Improper Input Validation View on NVD
2018-01-05
High

CVE-2017-4948

VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View Client (4.x before 4.7.0) contain an out-of-bounds read vulnerability in TPView.dll. On Workstation, this issue in conjunction with o…

CVSS: 7.1 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2017-4946

The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a privilege escalation vulnerability. Successful exploitation of this issue could result in a low privileged windows user escalating…

CVSS: 7.8 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2017-4945

VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a guest access control vulnerability. This issue may allow program execution via Unity on locked Windows VMs. VMware Tools must be…

CVSS: 5.5 CWE: N/A View on NVD
2018-01-04
Medium

CVE-2018-0803

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to access information from one domain and inject it into another domain, due to how Mic…

CVSS: 4.2 CWE: CWE-863 - Incorrect Authorization View on NVD
Medium

CVE-2018-0800

Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-0788

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 and R2 allows an elevation of privilege vu…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0781

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0780

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
High

CVE-2018-0778

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0777

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0776

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0775

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0774

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0773

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0772

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold,…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0770

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0769

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0768

Microsoft Edge in Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0767

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the scripting engin…

CVSS: 5.3 CWE: CWE-125 - Out-of-bounds Read View on NVD
Medium

CVE-2018-0766

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to further compromise the user's system, due to how the Microsoft…

CVSS: 4.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2018-0762

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold,…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
High

CVE-2018-0758

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine han…

CVSS: 7.5 CWE: CWE-787 - Out-of-bounds Write View on NVD
Medium

CVE-2018-0754

The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and…

CVSS: 5.5 CWE: N/A View on NVD
Medium

CVE-2018-0753

Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a denial of service vulnerability due to the…

CVSS: 5.9 CWE: N/A View on NVD
High

CVE-2018-0752

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of p…

CVSS: 7.8 CWE: CWE-732 - Incorrect Permission Assignment for Critical Resource View on NVD
High

CVE-2018-0751

The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of p…

CVSS: 7.1 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2018-0750

The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Windows Elevation o…

CVSS: 5.5 CWE: N/A View on NVD
High

CVE-2018-0749

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, W…

CVSS: 7.8 CWE: N/A View on NVD
High

CVE-2018-0748

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 7.8 CWE: CWE-269 - Improper Privilege Management View on NVD
Medium

CVE-2018-0747

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Window…

CVSS: 4.7 CWE: N/A View on NVD
Medium

CVE-2018-0746

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclo…

CVSS: 4.7 CWE: CWE-665 - Improper Initialization View on NVD
Medium

CVE-2018-0745

The Windows kernel in Windows 10 version 1703. Windows 10 version 1709, and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are handled in memory, a…

CVSS: 4.7 CWE: CWE-665 - Improper Initialization View on NVD
High

CVE-2018-0744

The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privi…

CVSS: 7.0 CWE: N/A View on NVD
High

CVE-2018-0743

Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 version 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in…

CVSS: 7.0 CWE: N/A View on NVD
Medium

CVE-2018-0741

The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows Server 2008 SP2 and R2 SP1 allows an information disclosure vulnerability due to the way objects are handled in memory, aka "Micro…

CVSS: 5.3 CWE: N/A View on NVD
2017-12-27
High

CVE-2016-6914

Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file.

CVSS: 7.8 CWE: CWE-276 - Incorrect Default Permissions View on NVD
High

CVE-2017-7160

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-7157

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-7156

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-12-25
High

CVE-2017-13870

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-13866

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-13864

An issue was discovered in certain Apple products. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected. The issue involves the "APNs Server" component. It allows man…

CVSS: 5.9 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-13856

An issue was discovered in certain Apple products. iOS before 11.2 is affected. Safari before 11.0.2 is affected. iCloud before 7.2 on Windows is affected. iTunes before 12.7.2 on Windows is affected…

CVSS: 8.8 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
2017-12-20
High

CVE-2017-17793

Information Disclosure vulnerability in creer_fichier_zip in admin/maintenance.php in BlogoText through 3.7.6 allows remote attackers to defeat a filename-randomization protection mechanism, and read…

CVSS: 7.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-12-15
High

CVE-2017-14184

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334…

CVSS: 8.8 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
2017-12-14
High

CVE-2017-7344

A privilege escalation in Fortinet FortiClient Windows 5.4.3 and earlier as well as 5.6.0 allows attacker to gain privilege via exploiting the Windows "security alert" dialog thereby popping up when…

CVSS: 8.1 CWE: N/A View on NVD
High

CVE-2017-17518

swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to c…

CVSS: 8.8 CWE: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') View on NVD
Critical

CVE-2017-17671

vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify…

CVSS: 9.8 CWE: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') View on NVD
2017-12-12
High

CVE-2017-11930

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
Medium

CVE-2017-11927

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709…

CVSS: 6.5 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
Medium

CVE-2017-11919

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, Windows…

CVSS: 5.3 CWE: CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor View on NVD
High

CVE-2017-11918

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11914

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handle…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11913

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11912

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in W…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11911

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles obje…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11910

ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handle…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11909

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles obje…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD
High

CVE-2017-11908

ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory…

CVSS: 7.5 CWE: CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer View on NVD