Filtered by vendor Microsoft
Subscribe
Total
20886 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-7249 | 2 Microsoft, Tivo | 5 Windows 7, Windows 8, Windows 8.1 and 2 more | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel. | |||||
| CVE-2018-7212 | 2 Microsoft, Sinatrarb | 2 Windows, Sinatra | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in rack-protection/lib/rack/protection/path_traversal.rb in Sinatra 2.x before 2.0.1 on Windows. Path traversal is possible via backslash characters. | |||||
| CVE-2018-7115 | 2 Hp, Microsoft | 2 Intelligent Management Center, Windows | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HPE Intelligent Management Center (IMC) prior to IMC PLAT 7.3 (E0605P06) is vulnerable to a remote buffer overflow in dbman.exe opcode 10001 on Windows. This problem is resolved in IMC PLAT 7.3 (E0605P06) or subsequent versions. | |||||
| CVE-2018-6947 | 2 Microsoft, Nomachine | 4 Windows 10, Windows 7, Windows 8 and 1 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10. | |||||
| CVE-2018-6757 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6756 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware. | |||||
| CVE-2018-6755 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 4.6 MEDIUM | 7.2 HIGH |
| Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware. | |||||
| CVE-2018-6690 | 2 Mcafee, Microsoft | 2 Application Change Control, Windows | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system. | |||||
| CVE-2018-6687 | 2 Mcafee, Microsoft | 2 Getsusp, Windows | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Loop with Unreachable Exit Condition ('Infinite Loop') in McAfee GetSusp (GetSusp) 3.0.0.461 and earlier allows attackers to DoS a manual GetSusp scan via while scanning a specifically crafted file . GetSusp is a free standalone McAfee tool that runs on several versions of Microsoft Windows. | |||||
| CVE-2018-6683 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 4.6 MEDIUM | 7.4 HIGH |
| Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP policy via editing of local policy files when offline. | |||||
| CVE-2018-6674 | 2 Mcafee, Microsoft | 2 Virusscan Enterprise, Windows | 2024-11-21 | 2.1 LOW | 6.8 MEDIUM |
| Privilege Escalation vulnerability in Microsoft Windows client (McTray.exe) in McAfee VirusScan Enterprise (VSE) 8.8 prior to Patch 13 allows local users to spawn unrelated processes with elevated privileges via the system administrator granting McTray.exe elevated privileges (by default it runs with the current user's privileges). | |||||
| CVE-2018-6664 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows | 2024-11-21 | 6.5 MEDIUM | 5.8 MEDIUM |
| Application Protections Bypass vulnerability in Microsoft Windows in McAfee Data Loss Prevention (DLP) Endpoint before 10.0.500 and DLP Endpoint before 11.0.400 allows authenticated users to bypass the product block action via a command-line utility. | |||||
| CVE-2018-6661 | 2 Mcafee, Microsoft | 2 True Key, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee True Key before 4.20.110 allows local users to gain privilege elevation via not verifying a particular DLL file signature. | |||||
| CVE-2018-6634 | 3 Canonical, Microsoft, Parsecgaming | 3 Ubuntu Linux, Windows, Parsec | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in Parsec Windows 142-0 and Parsec 'Linux Ubuntu 16.04 LTS Desktop' Build 142-1 allows unauthorized users to maintain access to an account. | |||||
| CVE-2018-6516 | 2 Microsoft, Puppet | 2 Windows, Puppet Enterprise Client Tools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. | |||||
| CVE-2018-6515 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation. | |||||
| CVE-2018-6514 | 2 Microsoft, Puppet | 2 Windows, Puppet | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation. | |||||
| CVE-2018-6461 | 2 March-hare, Microsoft | 2 Wincvs, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 build 6610, contains an Insecure Library Loading vulnerability in the wincvs2.exe or wincvs.exe file, which may allow local users to gain privileges via a Trojan horse Python or TCL DLL file in the current working directory. | |||||
| CVE-2018-6266 | 2 Microsoft, Nvidia | 2 Windows, Geforce Experience | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure. | |||||
| CVE-2018-6265 | 2 Microsoft, Nvidia | 2 Windows 7, Geforce Experience | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 during application installation on Windows 7 in elevated privilege mode, where a local user who initiates a browser session may obtain escalation of privileges on the browser. | |||||