Skip to main content
CVE-2018-1084 HIGH PATCH This Week

corosync before version 2.4.4 is vulnerable to an integer overflow in exec/totemcrypto.c. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Corosync Debian Linux Enterprise Linux Server +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2018-1086 HIGH This Week

pcs before versions 0.9.164 and 0.10 is vulnerable to a debug parameter removal bypass. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Pacemaker Command Line Interface Debian Linux Enterprise Linux Server Eus
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-9860 HIGH This Week

An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Botan
NVD
CVSS 3.0
7.5
EPSS
1.4%
CVE-2018-1023 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
14.6%
CVE-2018-1020 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.6%
CVE-2018-1019 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-1018 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-1001 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.7%
CVE-2018-0997 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0996 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.7%
CVE-2018-0995 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0994 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0993 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0991 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0990 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0988 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0979 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0956 HIGH PATCH This Week

A denial of service vulnerability exists in the HTTP 2.0 protocol stack (HTTP.sys) when HTTP.sys improperly parses specially crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Denial Of Service Windows 10 Windows Server 2016
NVD
CVSS 3.0
7.5
EPSS
13.8%
CVE-2018-0870 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0966 LOW POC PATCH Monitor

A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD Exploit-DB
CVSS 3.0
3.3
EPSS
2.4%
CVE-2018-1008 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of. Rated high severity (CVSS 7.0).

Microsoft Adobe Information Disclosure Windows 10 Windows 7 +5
NVD
CVSS 3.0
7.0
EPSS
1.2%
CVE-2018-8117 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in the Microsoft Wireless Keyboard 850 which could allow an attacker to reuse an AES encryption key to send keystrokes to other keyboard devices or to. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required.

Authentication Bypass Microsoft Wireless Keyboard 850
NVD
CVSS 3.0
6.8
EPSS
1.2%
CVE-2018-1079 MEDIUM This Month

pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation via authorized user malicious REST call. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Information Disclosure Path Traversal Pacemaker Command Line Interface Enterprise Linux
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-0950 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Office renders Rich Text Format (RTF) email messages containing OLE objects when a message is opened or previewed, aka "Microsoft Office. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Office Office Compatibility Pack Word
NVD
CVSS 3.0
6.5
EPSS
9.0%
CVE-2018-0964 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V. Rated medium severity (CVSS 6.1).

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-10074 MEDIUM PATCH This Month

The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Null Pointer Dereference Denial Of Service Linux Linux Kernel
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2018-8116 MEDIUM PATCH This Month

A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.4%
CVE-2018-0960 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-0887 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
1.9%
CVE-2018-1034 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1032 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1014 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1005 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
5.4
EPSS
2.2%
CVE-2018-1007 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Microsoft Information Disclosure Office
NVD
CVSS 3.0
5.3
EPSS
6.6%
CVE-2018-1000 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Information Disclosure Buffer Overflow Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
7.5%
CVE-2018-0981 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Information Disclosure Buffer Overflow Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
6.5%
CVE-2018-0976 MEDIUM PATCH This Month

A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.3
EPSS
4.7%
CVE-2018-0967 MEDIUM PATCH This Month

A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Microsoft Denial Of Service Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.3
EPSS
18.7%
CVE-2018-0957 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V. Rated medium severity (CVSS 5.3).

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
5.3
EPSS
1.6%
CVE-2018-0890 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
4.3%
CVE-2018-1037 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Microsoft Information Disclosure Visual Studio Visual Studio 2017
NVD
CVSS 3.0
4.3
EPSS
5.9%
CVE-2018-0998 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.6%
CVE-2018-0989 MEDIUM PATCH This Month

An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Information Disclosure Buffer Overflow Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
5.4%
CVE-2018-0987 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
6.2%
CVE-2018-0892 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
5.4%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy