CVSS: 6.5EPSS: 64%CPEs: 16EXPL: 0CVE-2018-8424 – Microsoft Internet Explorer EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-8424
An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka "Windows GDI Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8422. Existe una vulnerabilidad de divulgación de información cuando el componente Windows GDI no muestra correctamente los contenidos de su memoria. Esto también se conoce como "Windows GDI Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/105261 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8424 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 18%CPEs: 15EXPL: 0CVE-2018-8393 – Microsoft Windows Jet Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8393
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8392. Existe una vulnerabilidad de desbordamiento de búfer en el motor de base de datos de Microsoft JET que podría permitir la ejecución remota de código en un sistema afectado. Esto también se conoce como "Microsoft JET Database Engine Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/105214 http://www.securitytracker.com/id/1041625 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8393 •
CVSS: 9.3EPSS: 18%CPEs: 15EXPL: 0CVE-2018-8392 – Microsoft Windows Excel Database Driver Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8392
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393. Existe una vulnerabilidad de desbordamiento de búfer en el motor de base de datos de Microsoft JET que podría permitir la ejecución remota de código en un sistema afectado. Esto también se conoce como "Microsoft JET Database Engine Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/105213 http://www.securitytracker.com/id/1041625 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392 •
CVSS: 5.6EPSS: 0%CPEs: 665EXPL: 5CVE-2018-3639 – AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
https://notcve.org/view.php?id=CVE-2018-3639
Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. Los sistemas con microprocesadores que emplean la ejecución especulativa y que realizan la ejecución especulativa de lecturas de memoria antes de que se conozcan las direcciones de todas las anteriores escrituras de memoria podrían permitir la divulgación no autorizada de información a un atacante con acceso de usuario local mediante un análisis de canal lateral. Esto también se conoce como Speculative Store Bypass (SSB), Variant 4. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). • https://www.exploit-db.com/exploits/44695 https://github.com/mmxsrup/CVE-2018-3639 https://github.com/Shuiliusheng/CVE-2018-3639-specter-v4- https://github.com/malindarathnayake/Intel-CVE-2018-3639-Mitigation_RegistryUpdate http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00058.html http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00007.html http://support.lenovo.com/us/en/solutions/LEN-2213 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 9.3EPSS: 97%CPEs: 42EXPL: 13CVE-2017-8759 – Microsoft .NET Framework Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2017-8759
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 y 4.7 permite que un atacante ejecute código remotamente mediante un documento o aplicación maliciosos. Esto también se conoce como ".NET Framework Remote Code Execution Vulnerability." Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. • https://www.exploit-db.com/exploits/42711 https://github.com/bhdresh/CVE-2017-8759 https://github.com/Voulnet/CVE-2017-8759-Exploit-sample https://github.com/vysecurity/CVE-2017-8759 https://github.com/nccgroup/CVE-2017-8759 https://github.com/sythass/CVE-2017-8759 https://github.com/JonasUliana/CVE-2017-8759 https://github.com/ashr/CVE-2017-8759-exploits https://github.com/BasuCert/CVE-2017-8759 https://github.com/ChaitanyaHaritash/CVE-2017-8759 https://github.com& •