Windows 8 Security Vulnerabilities
The issue was addressed with improved checks. This issue is fixed in iTunes 12.13.2 for Windows. Parsing a file may lead to an unexpected app termination or arbitrary code...
7AI Score
0.0004EPSS
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate...
6.7CVSS
8.5AI Score
0.0004EPSS
A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary...
6.4CVSS
7.6AI Score
0.0004EPSS
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system.....
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
8.4AI Score
0.001EPSS
7.8CVSS
8.4AI Score
0.001EPSS
5.5CVSS
6.3AI Score
0.0005EPSS
7.8CVSS
8.4AI Score
0.001EPSS
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October...
A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of...
5.5CVSS
6.7AI Score
0.001EPSS
Windows 7 is vulnerable to a full blind TCP/IP hijacking attack. The vulnerability exists in Windows 7 (any Windows until Windows 8) and in any implementation of TCP/IP, which is vulnerable to the Idle scan attack (including many IoT devices). NOTE: The vendor considers this a low severity...
6.5CVSS
6.4AI Score
0.003EPSS
A vulnerability, which was classified as problematic, has been found in Twister Antivirus 8. This issue affects the function 0x804f2158/0x804f2154/0x804f2150/0x804f215c/0x804f2160/0x80800040/0x804f214c/0x804f2148/0x804f2144/0x801120e4/0x804f213c/0x804f2140 in the library filppd.sys of the...
5.5CVSS
5.5AI Score
0.0004EPSS
A vulnerability classified as critical was found in Twister Antivirus 8. This vulnerability affects the function 0x804f2143/0x804f217f/0x804f214b/0x80800043 in the library filppd.sys of the component IoControlCode Handler. The manipulation leads to memory corruption. Local access is required to...
7.8CVSS
7.6AI Score
0.0004EPSS
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem...
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered in the rollback feature of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem...
7.8CVSS
7.5AI Score
0.0004EPSS
An issue was discovered in the quarantine feature of Elastic Endpoint Security and Elastic Endgame for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem...
7.8CVSS
7.5AI Score
0.0004EPSS
Path traversal in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...
7.8CVSS
7.7AI Score
0.0004EPSS
Uncontrolled search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...
7.3CVSS
7.3AI Score
0.0004EPSS
Unquoted search path in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local...
7.3CVSS
7.3AI Score
0.0004EPSS
Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters...
7AI Score
0.001EPSS
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted...
6.9AI Score
0.295EPSS
F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft Exchange 9 and earlier, and for MIMEsweeper 5.61 and earlier; Internet Gatekeeper for Windows 6.61 and earlier, and for Linux 4.02 and earlier; Anti-Virus 2010 and earlier; Home Server Security 2009; Protection Service for...
6.8AI Score
0.004EPSS
Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote...
5.9AI Score
0.001EPSS
Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest...
6.8AI Score
0.088EPSS
Unspecified vulnerability in Microsoft Windows 8 allows remote attackers to cause a denial of service (reboot) or possibly have unknown other impact via a crafted TrueType Font (TTF) file, as demonstrated by the 120612-69701-01.dmp error...
7.3AI Score
0.007EPSS
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity...
6.8AI Score
0.004EPSS
Microsoft Windows Modern Mail allows remote attackers to spoof link targets via a crafted HTML e-mail...
6.5AI Score
0.019EPSS
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and...
6.9AI Score
0.001EPSS
DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which...
6.2AI Score
0.001EPSS
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to...
7.8CVSS
7.4AI Score
0.001EPSS
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to...
7.8CVSS
7.4AI Score
0.001EPSS
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
7.8CVSS
7.7AI Score
0.002EPSS
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...
7.8CVSS
7.7AI Score
0.002EPSS
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...
7.8CVSS
7.7AI Score
0.003EPSS
Adobe FrameMaker versions 2019 Update 8 (and earlier) and 2020 Update 4 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue.....
5.5CVSS
5.1AI Score
0.002EPSS
A local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem...
7.8CVSS
7.7AI Score
0.0004EPSS
A vulnerability was found in Viscosity 1.6.7. It has been classified as critical. This affects an unknown part of the component DLL Handler. The manipulation leads to untrusted search path. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...
8.8CVSS
7.7AI Score
0.001EPSS
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library which has a buffer overflow vulnerability that may allow users able to connect to a named pipe to execute commands on the Windows agent...
8.8CVSS
9.1AI Score
0.001EPSS
Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log...
8.8CVSS
8.7AI Score
0.001EPSS
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code...
7.8CVSS
8.5AI Score
0.001EPSS
This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code...
7.8CVSS
7.9AI Score
0.001EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of...
3.3CVSS
4.2AI Score
0.003EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of...
3.3CVSS
4.2AI Score
0.003EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a....
4.3CVSS
4.9AI Score
0.004EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim....
7.8CVSS
7.7AI Score
0.002EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction...
7.8CVSS
7.8AI Score
0.004EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim....
7.8CVSS
7.7AI Score
0.001EPSS
Adobe Framemaker versions 2019 Update 8 (and earlier) and 2020 Release Update 2 (and earlier) are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction...
7.8CVSS
7.8AI Score
0.004EPSS
Improper access control in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
6.6AI Score
0.0004EPSS
Improper buffer restrictions in system firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local...
6.7CVSS
6.7AI Score
0.0004EPSS