Skip to main content
CVE-2018-10512 HIGH PATCH This Week

A vulnerability in Trend Micro Control Manager (versions 6.0 and 7.0) could allow an attacker to manipulate a reverse proxy .dll on vulnerable installations, which may lead to a denial of server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Trend Micro Information Disclosure Control Manager
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-8403 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +1
NVD
CVSS 3.0
7.5
EPSS
12.6%
CVE-2018-8390 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-8389 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
28.6%
CVE-2018-8387 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
9.5%
CVE-2018-8385 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +2
NVD
CVSS 3.0
7.5
EPSS
14.2%
CVE-2018-8381 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-8380 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-8377 HIGH PATCH This Week

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
9.5%
CVE-2018-8373 HIGH KEV PATCH THREAT This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.1
7.5
EPSS
61.9%
CVE-2018-8372 HIGH PATCH This Week

A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer +2
NVD
CVSS 3.0
7.5
EPSS
24.8%
CVE-2018-8371 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
14.4%
CVE-2018-8360 HIGH PATCH This Week

An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Net Framework
NVD
CVSS 3.0
7.5
EPSS
9.0%
CVE-2018-8359 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Chakracore
NVD
CVSS 3.0
7.5
EPSS
14.5%
CVE-2018-8345 HIGH This Week

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed, aka "LNK Remote Code Execution Vulnerability." This affects. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Code Injection Microsoft RCE Windows 10 Windows 7 +5
NVD
CVSS 3.0
7.5
EPSS
13.6%
CVE-2018-8316 HIGH PATCH This Week

A remote code execution vulnerability exists when Internet Explorer improperly validates hyperlinks before loading executable libraries, aka "Internet Explorer Remote Code Execution Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

RCE Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
13.6%
CVE-2018-8266 HIGH PATCH This Week

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Chakracore +1
NVD
CVSS 3.0
7.5
EPSS
27.1%
CVE-2018-12056 HIGH This Week

The maxRandom function of a smart contract implementation for All For One, an Ethereum gambling game, generates a random value with publicly readable variables because the _seed value can be. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure All For One
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-11687 HIGH This Week

An integer overflow in the distributeBTR function of a smart contract implementation for Bitcoin Red (BTCR), an Ethereum ERC20 token, allows the owner to accomplish an unauthorized increase of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Bitcoin Red
NVD
CVSS 3.0
7.5
EPSS
1.3%
CVE-2018-8404 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-8399 HIGH PATCH This Week

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows. Rated high severity (CVSS 7.0).

Microsoft Information Disclosure Windows 10 Windows Server
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-8339 HIGH This Week

An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior, aka "Windows. Rated high severity (CVSS 7.0). No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.0
EPSS
1.1%
CVE-2018-0415 MEDIUM This Month

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Cisco Wap121 Firmware Wap125 Firmware Wap131 Firmware +5
NVD
CVSS 3.0
6.8
EPSS
0.6%
CVE-2018-14779 MEDIUM This Month

A buffer overflow issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Piv Manager Piv Tool Smart Card Minidriver
NVD
CVSS 3.0
6.8
EPSS
0.5%
CVE-2018-0428 MEDIUM This Month

A vulnerability in the account management subsystem of Cisco Web Security Appliance (WSA) could allow an authenticated, local attacker to elevate privileges to root. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Cisco Web Security Appliance
NVD
CVSS 3.0
6.7
EPSS
0.4%
CVE-2018-8398 MEDIUM This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
6.5
EPSS
8.0%
CVE-2018-8394 MEDIUM This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
6.5
EPSS
8.0%
CVE-2018-8351 MEDIUM PATCH This Month

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Internet Explorer Edge
NVD
CVSS 3.0
6.5
EPSS
7.9%
CVE-2018-8340 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Active Directory Federation Services (AD FS) improperly handles multi-factor authentication requests, aka "AD FS Security Feature Bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Microsoft Windows Server 2012 Windows Server 2016
NVD
CVSS 3.0
6.5
EPSS
7.6%
CVE-2018-10917 MEDIUM This Month

pulp 2.16.x and possibly older is vulnerable to an improper path parsing. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Path Traversal Pulp
NVD
CVSS 3.0
6.5
EPSS
1.1%
CVE-2018-13394 MEDIUM This Month

The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Questions For Confluence
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-13393 MEDIUM This Month

The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atlassian Questions For Confluence
NVD
CVSS 3.0
6.5
EPSS
0.8%
CVE-2018-0386 MEDIUM This Month

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Cisco Hosted Collaboration Solution Unified Communications Domain Manager
NVD
CVSS 3.0
6.1
EPSS
1.8%
CVE-2018-9129 MEDIUM PATCH This Month

ZyXEL ZyWALL/USG series devices have a Bleichenbacher vulnerability in their Internet Key Exchange (IKE) handshake implementation used for IPsec based VPN connections. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Microsoft Zyxel Information Disclosure Zywall 110 Firmware Zywall 1100 Firmware +15
NVD
CVSS 3.0
5.9
EPSS
1.0%
CVE-2018-8753 MEDIUM This Month

The IKEv1 implementation in Clavister cOS Core before 11.00.11, 11.20.xx before 11.20.06, and 12.00.xx before 12.00.09 allows remote attackers to decrypt RSA-encrypted nonces by leveraging a. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Cos Core
NVD
CVSS 3.0
5.9
EPSS
1.6%
CVE-2018-8382 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka "Microsoft Excel Information Disclosure Vulnerability." This affects Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Excel Excel 2013 Rt Excel Viewer +2
NVD
CVSS 3.0
5.5
EPSS
12.3%
CVE-2018-8378 MEDIUM PATCH This Month

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka "Microsoft. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Microsoft Information Disclosure Buffer Overflow Excel Viewer Office +7
NVD
CVSS 3.0
5.5
EPSS
8.2%
CVE-2018-0367 MEDIUM This Month

A vulnerability in the web-based management interface of the Cisco Registered Envelope Service could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Cisco Registered Envelope Service
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2018-0412 MEDIUM This Month

A vulnerability in the implementation of Extensible Authentication Protocol over LAN (EAPOL) functionality in Cisco Small Business 100 Series Wireless Access Points and Cisco Small Business 300. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Microsoft Information Disclosure Cisco Wap121 Firmware Wap125 Firmware +6
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2018-8204 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-8200 MEDIUM PATCH This Month

A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
1.4%
CVE-2018-8396 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 7 Windows Server 2008
NVD
CVSS 3.0
4.7
EPSS
2.4%
CVE-2018-8348 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
2.6%
CVE-2018-8341 MEDIUM PATCH This Month

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
2.6%
CVE-2018-14780 MEDIUM This Month

An out-of-bounds read issue was discovered in the Yubico-Piv 1.5.0 smartcard driver. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Piv Manager Piv Tool Smart Card Minidriver
NVD
CVSS 3.0
4.6
EPSS
0.4%
CVE-2018-8253 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists when Microsoft Cortana allows arbitrary website browsing on the lockscreen, aka "Microsoft Cortana Elevation of Privilege Vulnerability." This affects. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
4.6
EPSS
1.8%
CVE-2018-8388 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
4.3
EPSS
3.6%
CVE-2018-8383 MEDIUM PATCH This Month

A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka "Microsoft Edge Spoofing Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
4.3
EPSS
6.2%
CVE-2018-8374 MEDIUM PATCH This Month

A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Information Disclosure Exchange Server
NVD
CVSS 3.0
4.3
EPSS
3.0%
CVE-2018-8358 MEDIUM PATCH This Month

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
4.3
EPSS
5.4%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy