Lucene search

K

Microsoft Corporation Security Vulnerabilities

cve
cve

CVE-2018-0748

The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way memory...

7.8CVSS

5.5AI Score

0.003EPSS

2018-01-04 02:29 PM
108
cve
cve

CVE-2018-0749

The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability.....

7.8CVSS

5.5AI Score

0.004EPSS

2018-01-04 02:29 PM
119
cve
cve

CVE-2016-1203

Improper file verification vulnerability in SaAT Netizen installer ver.1.2.0.424 and earlier, and SaAT Netizen ver.1.2.0.8 (Build427) and earlier allows a remote unauthenticated attacker to conduct a man-in-the-middle attack. A successful exploitation may result in a malicious file being...

8.1CVSS

7.9AI Score

0.001EPSS

2023-10-31 01:15 PM
30
cve
cve

CVE-2019-1387

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. Recursive clones are currently affected by a vulnerability that is caused by too-lax validation of submodule names, allowing very targeted attacks via remote code....

8.8CVSS

8.9AI Score

0.036EPSS

2019-12-18 09:15 PM
347
cve
cve

CVE-2019-1353

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. When running Git in the Windows Subsystem for Linux (also known as "WSL") while accessing a working directory on a regular Windows drive, none of the NTFS...

9.8CVSS

9.2AI Score

0.004EPSS

2020-01-24 10:15 PM
176
cve
cve

CVE-2019-1348

An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v2.20.2, v2.19.3, v2.18.2, v2.17.3, v2.16.6, v2.15.4, and v2.14.6. The --export-marks option of git fast-import is exposed also via the in-stream command feature export-marks=... and it allows overwriting arbitrary...

3.3CVSS

6.7AI Score

0.0005EPSS

2020-01-24 10:15 PM
199
cve
cve

CVE-2017-8625

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to validate UMCI policies, aka "Internet Explorer Security Feature Bypass...

8.8CVSS

8.5AI Score

0.007EPSS

2017-08-08 09:29 PM
42
cve
cve

CVE-2017-11877

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for.....

5.5CVSS

6.2AI Score

0.004EPSS

2017-11-15 03:29 AM
67
cve
cve

CVE-2017-11878

Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run...

7.8CVSS

7.4AI Score

0.005EPSS

2017-11-15 03:29 AM
76
cve
cve

CVE-2017-8631

A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office...

7.8CVSS

7.6AI Score

0.384EPSS

2017-09-13 01:29 AM
79
cve
cve

CVE-2017-0141

A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An...

7.5CVSS

7.9AI Score

0.923EPSS

2017-03-17 12:59 AM
54
cve
cve

CVE-2018-3170

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS

4.9AI Score

0.001EPSS

2018-10-17 01:31 AM
51
cve
cve

CVE-2018-3186

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS

4.9AI Score

0.001EPSS

2018-10-17 01:31 AM
45
cve
cve

CVE-2018-3195

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

5.5CVSS

5.4AI Score

0.001EPSS

2018-10-17 01:31 AM
51
cve
cve

CVE-2019-2502

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 8.0.13 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks.....

4.9CVSS

4.8AI Score

0.002EPSS

2019-01-16 07:30 PM
72
cve
cve

CVE-2018-3182

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

6.5CVSS

6.1AI Score

0.001EPSS

2018-10-17 01:31 AM
54
cve
cve

CVE-2018-3279

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server....

4.9CVSS

4.9AI Score

0.001EPSS

2018-10-17 01:31 AM
64
cve
cve

CVE-2018-3137

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server....

6.5CVSS

6.2AI Score

0.001EPSS

2018-10-17 01:31 AM
65
cve
cve

CVE-2018-3280

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: JSON). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...

4.9CVSS

4.8AI Score

0.001EPSS

2018-10-17 01:31 AM
65
cve
cve

CVE-2018-3286

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL...

4.3CVSS

4AI Score

0.001EPSS

2018-10-17 01:31 AM
61
cve
cve

CVE-2018-3285

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Windows). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful....

4.9CVSS

4.8AI Score

0.001EPSS

2018-10-17 01:31 AM
64
cve
cve

CVE-2018-0842

Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka...

7CVSS

6.8AI Score

0.001EPSS

2018-02-15 02:29 AM
97
cve
cve

CVE-2017-0286

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This...

5CVSS

5.1AI Score

0.011EPSS

2017-06-15 01:29 AM
50
cve
cve

CVE-2017-0287

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Graphics Uniscribe Information Disclosure Vulnerability". This....

5CVSS

5.1AI Score

0.011EPSS

2017-06-15 01:29 AM
53
cve
cve

CVE-2017-0289

Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows improper disclosure of memory contents, aka "Windows Graphics Information Disclosure Vulnerability". This...

5CVSS

5.1AI Score

0.011EPSS

2017-06-15 01:29 AM
67
cve
cve

CVE-2017-0284

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows....

5CVSS

4.9AI Score

0.009EPSS

2017-06-15 01:29 AM
62
cve
cve

CVE-2017-0282

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, and Microsoft Office 2010 SP2 allows improper disclosure of memory contents, aka "Windows....

5CVSS

4.9AI Score

0.009EPSS

2017-06-15 01:29 AM
61
cve
cve

CVE-2017-0285

Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016, Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, and Microsoft Office Word Viewer allows improper disclosure of....

5CVSS

4.9AI Score

0.009EPSS

2017-06-15 01:29 AM
55
cve
cve

CVE-2017-0073

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a....

4.3CVSS

4.3AI Score

0.058EPSS

2017-03-17 12:59 AM
86
cve
cve

CVE-2017-0060

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a....

5.5CVSS

4.3AI Score

0.058EPSS

2017-03-17 12:59 AM
66
cve
cve

CVE-2016-0371

The Tivoli Storage Manager (TSM) password may be displayed in plain text via application trace output while application tracing is...

5.5CVSS

5.4AI Score

0.0004EPSS

2017-02-01 09:59 PM
20
cve
cve

CVE-2017-8516

Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, Microsoft SQL Server 2014, and Microsoft SQL Server 2016 allows an information disclosure vulnerability when it improperly enforces permissions, aka "Microsoft SQL Server Analysis Services Information Disclosure...

7.5CVSS

7.1AI Score

0.005EPSS

2017-08-08 09:29 PM
50290
4
cve
cve

CVE-2017-8529

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka...

6.5CVSS

6AI Score

0.002EPSS

2017-06-15 01:29 AM
133
8
cve
cve

CVE-2021-2018

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 18c and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful...

8.3CVSS

8.3AI Score

0.003EPSS

2021-01-20 03:15 PM
40
cve
cve

CVE-2020-5674

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8CVSS

7.7AI Score

0.001EPSS

2020-11-24 07:15 AM
43
cve
cve

CVE-2019-0122

Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local...

7.1CVSS

6.7AI Score

0.0004EPSS

2019-03-14 08:29 PM
33
cve
cve

CVE-2018-12224

Buffer leakage in igdkm64.sys in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 may allow an authenticated user to potentially enable...

3.3CVSS

5AI Score

0.0004EPSS

2019-03-14 08:29 PM
43
cve
cve

CVE-2018-12210

Multiple pointer dereferences in User Mode Driver in Intel(R) Graphics Driver for Windows* before versions 10.18.x.5059 (aka 15.33.x.5059), 10.18.x.5057 (aka 15.36.x.5057), 20.19.x.5063 (aka 15.40.x.5063) 21.20.x.5064 (aka 15.45.x.5064) and 24.20.100.6373 potentially enables an unprivileged user...

6.5CVSS

6.5AI Score

0.0004EPSS

2019-03-14 08:29 PM
42
cve
cve

CVE-2019-5670

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of.....

7.8CVSS

7.9AI Score

0.0004EPSS

2019-02-27 11:29 PM
33
cve
cve

CVE-2019-5667

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSetRootPageTable in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to code execution, denial of service or escalation of...

7.8CVSS

7.6AI Score

0.0004EPSS

2019-02-27 11:29 PM
27
cve
cve

CVE-2019-5668

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiSubmitCommandVirtual in which the application dereferences a pointer that it expects to be valid, but is NULL, which may lead to denial of service or escalation of...

7.8CVSS

7.5AI Score

0.0004EPSS

2019-02-27 11:29 PM
29
cve
cve

CVE-2019-5665

NVIDIA Windows GPU Display driver contains a vulnerability in the 3D vision component in which the stereo service software, when opening a file, does not check for hard links. This behavior may lead to code execution, denial of service or escalation of...

7.8CVSS

7.6AI Score

0.0004EPSS

2019-02-27 11:29 PM
23
cve
cve

CVE-2019-5671

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape in which the software does not release a resource after its effective lifetime has ended, which may lead to denial of...

5.5CVSS

5.9AI Score

0.0004EPSS

2019-02-27 11:29 PM
26
cve
cve

CVE-2019-5666

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) create context command DDI DxgkDdiCreateContext in which the product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the...

7.8CVSS

6.9AI Score

0.001EPSS

2019-02-27 11:29 PM
29
cve
cve

CVE-2019-5669

NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape in which the software uses a sequential operation to read from or write to a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of.....

7.8CVSS

7.5AI Score

0.0004EPSS

2019-02-27 11:29 PM
28
cve
cve

CVE-2018-18098

Improper file verification in install routine for Intel(R) SGX SDK and Platform Software for Windows before 2.2.100 may allow an escalation of privilege via local...

7.3CVSS

7.4AI Score

0.0004EPSS

2019-01-10 08:29 PM
26
cve
cve

CVE-2018-3703

Improper directory permissions in the installer for the Intel(R) SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local...

7.8CVSS

7.7AI Score

0.0004EPSS

2019-01-10 08:29 PM
25
cve
cve

CVE-2018-16183

An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse...

7.8CVSS

7.9AI Score

0.001EPSS

2019-01-09 11:29 PM
22
cve
cve

CVE-2018-16177

Untrusted search path vulnerability in The installer of Windows 10 Fall Creators Update Modify module for Security Measures tool allows an attacker to gain privileges via a Trojan horse DLL in an unspecified...

7.8CVSS

7.7AI Score

0.001EPSS

2019-01-09 11:29 PM
19
cve
cve

CVE-2018-6263

NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows in which an attacker who has access to a local user account can plant a malicious dynamic link library (DLL) during application installation, which may lead to escalation of...

7.8CVSS

7.6AI Score

0.0004EPSS

2018-11-27 06:29 PM
26
Total number of security vulnerabilities988