| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9521 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for… | ||
| CVE-2018-15711 | Hig | 0.60 | 8.8 | 0.36 | Nov 14, 2018 | Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges. | ||
| CVE-2018-15710 | Hig | 0.57 | 7.8 | 0.44 | Nov 14, 2018 | Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php. | ||
| CVE-2018-15709 | Hig | 0.59 | 8.8 | 0.21 | Nov 14, 2018 | Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request. | ||
| CVE-2018-6083 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page. | ||
| CVE-2018-6074 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page. | ||
| CVE-2018-6073 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||
| CVE-2018-6072 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2018 | An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||
| CVE-2018-6071 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2018 | An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2018-6067 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6065 | Hig | 0.77 | 8.8 | 0.59 | KEV | Nov 14, 2018 | Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |
| CVE-2018-6064 | Hig | 0.61 | 8.8 | 0.07 | Nov 14, 2018 | Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6063 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. | ||
| CVE-2018-6062 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | ||
| CVE-2018-6061 | Hig | 0.49 | 7.5 | 0.01 | Nov 14, 2018 | A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6060 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-6057 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2018 | Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page. | ||
| CVE-2018-17474 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2018 | Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||
| CVE-2018-17469 | Hig | 0.57 | 8.8 | 0.01 | Nov 14, 2018 | Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. | ||
| CVE-2018-17466 | Hig | 0.57 | 8.8 | 0.03 | Nov 14, 2018 | Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||
| CVE-2018-17465 | Hig | 0.57 | 8.8 | 0.02 | Nov 14, 2018 | Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. | ||
| CVE-2018-17463 | Hig | 0.79 | 8.8 | 0.84 | KEV | Nov 14, 2018 | Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |
| CVE-2018-3698 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2018 | Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access. | ||
| CVE-2018-3697 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2018 | Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access. | ||
| CVE-2018-3635 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2018 | Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access. | ||
| CVE-2018-12174 | Hig | 0.51 | 7.8 | 0.00 | Nov 14, 2018 | Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access. | ||
| CVE-2018-19277 | — | Hig | 0.54 | 8.8 | 0.08 | Nov 14, 2018 | securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file | |
| CVE-2018-19271 | — | Hig | 0.00 | 8.8 | 0.02 | Nov 14, 2018 | Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter. | |
| CVE-2018-8609 | Hig | 0.58 | 8.8 | 0.09 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This… | ||
| CVE-2018-8589 | Hig | 0.63 | 7.8 | 0.03 | KEV | Nov 14, 2018 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2. | |
| CVE-2018-8588 | Hig | 0.43 | 7.5 | 0.14 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,… | ||
| CVE-2018-8584 | Hig | 0.54 | 7.8 | 0.03 | Nov 14, 2018 | An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. | ||
| CVE-2018-8582 | Hig | 0.59 | 8.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique… | ||
| CVE-2018-8581 | Hig | 0.68 | 7.4 | 0.28 | KEV | Nov 14, 2018 | An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server. | |
| CVE-2018-8577 | Hig | 0.52 | 7.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel… | ||
| CVE-2018-8576 | Hig | 0.52 | 7.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique… | ||
| CVE-2018-8575 | Hig | 0.52 | 7.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server. | ||
| CVE-2018-8574 | Hig | 0.52 | 7.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is… | ||
| CVE-2018-8573 | Hig | 0.52 | 7.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from… | ||
| CVE-2018-8570 | Hig | 0.50 | 7.5 | 0.14 | Nov 14, 2018 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. | ||
| CVE-2018-8562 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2018 | An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server… | ||
| CVE-2018-8561 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2018 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1,… | ||
| CVE-2018-8557 | Hig | 0.43 | 7.5 | 0.14 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,… | ||
| CVE-2018-8556 | Hig | 0.43 | 7.5 | 0.14 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,… | ||
| CVE-2018-8555 | Hig | 0.43 | 7.5 | 0.14 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,… | ||
| CVE-2018-8554 | Hig | 0.51 | 7.8 | 0.01 | Nov 14, 2018 | An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561. | ||
| CVE-2018-8553 | Hig | 0.52 | 7.8 | 0.19 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,… | ||
| CVE-2018-8552 | Hig | 0.56 | 7.5 | 0.51 | Nov 14, 2018 | An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This… | ||
| CVE-2018-8551 | Hig | 0.43 | 7.5 | 0.14 | Nov 14, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,… | ||
| CVE-2018-8550 | Hig | 0.54 | 7.8 | 0.03 | Nov 14, 2018 | An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server… |
- risk 0.57cvss 8.8epss 0.02
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for…
- risk 0.60cvss 8.8epss 0.36
Nagios XI 5.5.6 allows remote authenticated attackers to reset and regenerate the API key of more privileged users. The attacker can then use the new API key to execute API calls at elevated privileges.
- risk 0.57cvss 7.8epss 0.44
Nagios XI 5.5.6 allows local authenticated attackers to escalate privileges to root via Autodiscover_new.php.
- risk 0.59cvss 8.8epss 0.21
Nagios XI 5.5.6 allows remote authenticated attackers to execute arbitrary commands via a crafted HTTP request.
- risk 0.57cvss 8.8epss 0.02
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Failure to apply Mark-of-the-Web in Downloads in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to bypass OS level controls via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
A heap buffer overflow in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
An integer overflow leading to use after free in PDFium in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- risk 0.57cvss 8.8epss 0.01
An integer overflow in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Incorrect IPC serialization in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.77cvss 8.8epss 0.59
Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.61cvss 8.8epss 0.07
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
- risk 0.49cvss 7.5epss 0.01
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Lack of special casing of Android ashmem in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to bypass inter-process read only guarantees via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.01
Incorrect handling of PDF filter chains in PDFium in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
- risk 0.57cvss 8.8epss 0.03
Incorrect texture handling in Angle in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
- risk 0.57cvss 8.8epss 0.02
Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page.
- risk 0.79cvss 8.8epss 0.84
Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
- risk 0.51cvss 7.8epss 0.00
Improper file permissions in the installer for the Intel Ready Mode Technology may allow an unprivileged user to potentially gain privileged access via local access.
- risk 0.51cvss 7.8epss 0.00
Improper directory permissions in the installer for the Intel Media Server Studio may allow unprivileged users to potentially enable an escalation of privilege via local access.
- risk 0.51cvss 7.8epss 0.00
Insufficient input validation in installer in Intel Rapid Store Technology (RST) before version 16.7 may allow an unprivileged user to potentially elevate privileges or cause an installer denial of service via local access.
- risk 0.51cvss 7.8epss 0.00
Heap overflow in Intel Trace Analyzer 2018 in Intel Parallel Studio XE 2018 Update 3 may allow an authenticated user to potentially escalate privileges via local access.
- risk 0.54cvss 8.8epss 0.08
securityScan() in PHPOffice PhpSpreadsheet through 1.5.0 allows a bypass of protection mechanisms for XXE via UTF-7 encoding in a .xlsx file
- risk 0.00cvss 8.8epss 0.02
Centreon 3.4.x (fixed in Centreon 18.10.0 and Centreon web 2.8.28) allows SQL Injection via the main.php searchH parameter.
- risk 0.58cvss 8.8epss 0.09
A remote code execution vulnerability exists in Microsoft Dynamics 365 (on-premises) version 8 when the server fails to properly sanitize web requests to an affected Dynamics server, aka "Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability." This…
- risk 0.63cvss 7.8epss 0.03
An elevation of privilege vulnerability exists when Windows improperly handles calls to Win32k.sys, aka "Windows Win32k Elevation of Privilege Vulnerability." This affects Windows Server 2008, Windows 7, Windows Server 2008 R2.
- risk 0.43cvss 7.5epss 0.14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…
- risk 0.54cvss 7.8epss 0.03
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka "Windows ALPC Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers.
- risk 0.59cvss 8.8epss 0.19
A remote code execution vulnerability exists in the way that Microsoft Outlook parses specially modified rule export files, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…
- risk 0.68cvss 7.4epss 0.28
An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Office, Office 365 ProPlus, Microsoft Excel, Microsoft Excel…
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka "Microsoft Outlook Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Outlook. This CVE ID is unique…
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in Microsoft Project software when it fails to properly handle objects in memory, aka "Microsoft Project Remote Code Execution Vulnerability." This affects Microsoft Project, Office 365 ProPlus, Microsoft Project Server.
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Office 365 ProPlus, Microsoft Office, Microsoft Excel. This CVE ID is…
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka "Microsoft Word Remote Code Execution Vulnerability." This affects Microsoft Word, Office 365 ProPlus, Microsoft Office. This CVE ID is unique from…
- risk 0.50cvss 7.5epss 0.14
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11.
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1,…
- risk 0.43cvss 7.5epss 0.14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…
- risk 0.43cvss 7.5epss 0.14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…
- risk 0.43cvss 7.5epss 0.14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…
- risk 0.51cvss 7.8epss 0.01
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows 10 Servers, Windows 10, Windows Server 2019. This CVE ID is unique from CVE-2018-8485, CVE-2018-8561.
- risk 0.52cvss 7.8epss 0.19
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008,…
- risk 0.56cvss 7.5epss 0.51
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This…
- risk 0.43cvss 7.5epss 0.14
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541,…
- risk 0.54cvss 7.8epss 0.03
An elevation of privilege exists in Windows COM Aggregate Marshaler, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server…