Filtered by vendor Microsoft
Subscribe
Total
21800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-8271 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-11-06 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in Windows when the Windows bowser.sys kernel-mode driver fails to properly handle objects in memory, aka "Windows Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-0965 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-11-05 | 7.7 HIGH | 8.4 HIGH |
| A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8439. | |||||
| CVE-2018-8438 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Server and 1 more | 2018-11-02 | 6.8 MEDIUM | 6.8 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437. | |||||
| CVE-2018-8437 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-11-02 | 5.5 MEDIUM | 6.2 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438. | |||||
| CVE-2018-8436 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-11-02 | 5.5 MEDIUM | 6.2 MEDIUM |
| A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Windows Hyper-V Denial of Service Vulnerability." This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8437, CVE-2018-8438. | |||||
| CVE-2018-8426 | 1 Microsoft | 3 Sharepoint Enterprise Server 2013, Sharepoint Enterprise Server 2016, Sharepoint Server 2010 | 2018-11-02 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | |||||
| CVE-2018-8441 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2018-11-02 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability." This affects Windows 10, Windows 10 Servers. | |||||
| CVE-2018-8443 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-11-02 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446. | |||||
| CVE-2018-8442 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2018-11-02 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | |||||
| CVE-2018-8336 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-11-02 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8419, CVE-2018-8442, CVE-2018-8443, CVE-2018-8445, CVE-2018-8446. | |||||
| CVE-2008-1363 | 2 Microsoft, Vmware | 5 Windows, Ace, Player and 2 more | 2018-11-01 | 7.2 HIGH | N/A |
| VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware Player 2.0.x before 2.0.3 and 1.0.x before 1.0.6, VMware ACE 2.0.x before 2.0.1 and 1.0.x before 1.0.5, and VMware Server 1.0.x before 1.0.5 on Windows allow local users to gain privileges via an unspecified manipulation of a config.ini file located in an Application Data folder, which can be used for "hijacking the VMX process." | |||||
| CVE-2008-3615 | 2 Apple, Microsoft | 2 Quicktime, Windows | 2018-11-01 | 9.3 HIGH | N/A |
| ir50_32.qtx in an unspecified third-party Indeo v5 codec for QuickTime, when used with Apple QuickTime before 7.5.5 on Windows, accesses uninitialized memory, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file. | |||||
| CVE-2018-8429 | 1 Microsoft | 5 Excel, Excel Viewer, Office and 2 more | 2018-11-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. | |||||
| CVE-2008-0927 | 2 Microsoft, Novell | 2 Windows-nt, Edirectory | 2018-10-31 | 5.0 MEDIUM | N/A |
| dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777. | |||||
| CVE-2008-1998 | 2 Ibm, Microsoft | 2 Db2, Windows | 2018-10-31 | 8.5 HIGH | N/A |
| The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 on Windows allows remote authenticated users to overwrite arbitrary files via the log file parameter. | |||||
| CVE-2018-8315 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2018-10-31 | 4.0 MEDIUM | 4.2 MEDIUM |
| An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | |||||
| CVE-2017-0175 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-10-30 | 2.1 LOW | 4.7 MEDIUM |
| The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259. | |||||
| CVE-2009-3676 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-10-30 | 7.1 HIGH | N/A |
| The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability." | |||||
| CVE-2017-0104 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2018-10-30 | 9.3 HIGH | 8.1 HIGH |
| The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, Windows Server 2012 Gold and R2, and Windows Server 2016 allows remote attackers to issue malicious requests via an integer overflow, aka "iSNS Server Memory Corruption Vulnerability." | |||||
| CVE-2016-7275 | 1 Microsoft | 1 Office | 2018-10-30 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability." | |||||