Vulnerabilities (CVE)

Vendor filter

Microsoft Subscribe

Filter

6038 total CVE
CVE Vendors Products Updated CVSS
CVE-2018-8479 1 Microsoft 2 C Software Development Kit, Java Software Development Kit 2018-12-12 6.8
A spoofing vulnerability exists for the Azure IoT Device Provisioning for the C SDK library using the HTTP protocol on Windows platform, aka "Azure IoT SDK Spoofing Vulnerability." This affects C SDK.
CVE-2018-8292 1 Microsoft 2 Asp.net Core, Powershell Core 2018-12-06 5.0
An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1,...
CVE-2018-8530 1 Microsoft 1 Edge 2018-12-06 4.3
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.
CVE-2018-8512 1 Microsoft 1 Edge 2018-12-06 5.8
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects...
CVE-2018-8509 1 Microsoft 1 Edge 2018-12-06 7.6
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8473.
CVE-2018-8506 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2018-12-06 1.9
An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka "Microsoft Windows Codecs Library Information Disclosure Vulnerability." This affects Windows 10 Servers, Windows 10,...
CVE-2018-8474 1 Microsoft 1 Lync For Mac 2018-12-05 5.0
A security feature bypass vulnerability exists when Lync for Mac 2011 fails to properly sanitize specially crafted messages, aka "Lync for Mac 2011 Security Feature Bypass Vulnerability." This affects Microsoft Lync.
CVE-2018-8570 1 Microsoft 1 Internet Explorer 2018-12-04 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11.
CVE-2018-8413 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 9.3
A remote code execution vulnerability exists when "Windows Theme API" does not properly decompress files, aka "Windows Theme API Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server...
CVE-2018-8432 1 Microsoft 10 Excel Viewer, Office, Office 365 Proplus and 7 more 2018-12-03 9.3
A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka "Microsoft Graphics Components Remote Code Execution Vulnerability." This affects Windows 7, Microsoft Office, Microsoft...
CVE-2018-8453 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 7.2
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...
CVE-2018-8472 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 2.1
An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka "Windows GDI Information Disclosure...
CVE-2018-8481 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 2.6
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...
CVE-2018-8482 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 2.6
An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1,...
CVE-2018-8489 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2018-12-03 7.7
A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Remote Code Execution Vulnerability." This affects...
CVE-2017-0135 1 Microsoft 1 Edge 2018-12-03 4.0
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066...
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2018-11-30 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2018-8434 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2018-11-30 5.2
An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Windows Hyper-V Information Disclosure Vulnerability."...
CVE-2018-8492 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2018-11-30 4.6
A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka "Device Guard Code Integrity Policy Security Feature Bypass Vulnerability." This affects...
CVE-2018-8498 1 Microsoft 1 Sharepoint Enterprise Server 2018-11-30 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This...