Filtered by vendor Microsoft
Subscriptions
Total
21946 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-8014 | 6 Apache, Canonical, Debian and 3 more | 12 Tomcat, Ubuntu Linux, Debian Linux and 9 more | 2024-11-21 | N/A |
| The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue. | ||||
| CVE-2018-7824 | 2 Microsoft, Schneider-electric | 3 Windows, Driver Suite, Modbus Serial Driver | 2024-11-21 | 4.9 Medium |
| An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (For 64-bit Windows OS:V3.17 IE 37 and prior , For 32-bit Windows OS:V2.17 IE 27 and prior, and as part of the Driver Suite version:V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files. | ||||
| CVE-2018-7719 | 2 Acrolinx, Microsoft | 2 Acrolinx Server, Windows | 2024-11-21 | N/A |
| Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. | ||||
| CVE-2018-7449 | 2 Microsoft, Segger | 2 Windows, Embos\/ip Ftp Server | 2024-11-21 | N/A |
| SEGGER FTP Server for Windows before 3.22a allows remote attackers to cause a denial of service (daemon crash) via an invalid LIST, STOR, or RETR command. | ||||
| CVE-2018-7250 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | N/A |
| An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data. | ||||
| CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | N/A |
| An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | ||||
| CVE-2018-7212 | 2 Microsoft, Sinatrarb | 2 Windows, Sinatra | 2024-11-21 | 5.3 Medium |
| An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. | ||||
| CVE-2018-7115 | 2 Hp, Microsoft | 2 Intelligent Management Center, Windows | 2024-11-21 | N/A |
| HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | ||||
| CVE-2018-6947 | 2 Microsoft, Nomachine | 4 Windows 10, Windows 7, Windows 8 and 1 more | 2024-11-21 | N/A |
| An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | ||||
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | N/A |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | ||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | N/A |
| Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | ||||
| CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | N/A |
| Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | ||||
| CVE-2018-6690 | 2 Mcafee, Microsoft | 2 Application Change Control, Windows | 2024-11-21 | 7.1 High |
| Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | ||||
| CVE-2018-6687 | 2 Mcafee, Microsoft | 2 Getsusp, Windows | 2024-11-21 | 5.5 Medium |
| Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows. | ||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 7.4 High |
| Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | ||||
| CVE-2018-6674 | 2 Mcafee, Microsoft | 2 Virusscan Enterprise, Windows | 2024-11-21 | N/A |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | ||||
| CVE-2018-6664 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | N/A |
| Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | ||||
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 7.8 High |
| DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | ||||
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2024-11-21 | N/A |
| A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | ||||
| CVE-2018-6516 | 2 Microsoft, Puppet | 2 Windows, Puppet Enterprise Client Tools | 2024-11-21 | N/A |
| On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. | ||||