CVSS: 9.0EPSS: 7%CPEs: 14EXPL: 0CVE-2018-8450
https://notcve.org/view.php?id=CVE-2018-8450
A remote code execution vulnerability exists when Windows Search handles objects in memory, aka "Windows Search Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de ejecución remota de código cuando Windows Search gestiona los objetos en la memoria. Esto también se conoce como "Windows Search Remote Code Execution Vulnerability". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105797 http://www.securitytracker.com/id/1042117 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8450 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2018-8485
https://notcve.org/view.php?id=CVE-2018-8485
An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka "DirectX Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8554, CVE-2018-8561. Existe una vulnerabilidad de elevación de privilegios cuando DirectX gestiona incorrectamente los objetos en la memoria. Esto también se conoce como "DirectX Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/105770 http://www.securitytracker.com/id/1042124 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8485 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.3EPSS: 94%CPEs: 17EXPL: 1CVE-2018-8544 – Microsoft Windows VBScript Class_Terminate Scripting.Dictionary Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8544
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de ejecución remota de código debido a la forma en la que el motor VBScript gestiona los objetos en la memoria. Esto también se conoce como "Windows VBScript Engine Remote Code Execution Vulnerability". Esto afecta a Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10 y Windows 10 Servers. • https://www.exploit-db.com/exploits/45923 http://www.securityfocus.com/bid/105787 http://www.securitytracker.com/id/1042118 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8544 • CWE-416: Use After Free •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2018-8547
https://notcve.org/view.php?id=CVE-2018-8547
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Active Directory Federation Services XSS Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad Cross-Site Scripting (XSS) cuando una personalización de origen abierta para Microsoft Active Directory Federation Services (AD FS) no sanea correctamente una petición web especialmente manipulada a un servidor AD FS. Esto también se conoce como "Active Directory Federation Services XSS Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105801 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8547 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-8549
https://notcve.org/view.php?id=CVE-2018-8549
A security feature bypass exists when Windows incorrectly validates kernel driver signatures, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una omisión de la característica de seguridad cuando Windows valida incorrectamente las firmas del controlador del kernel. Esto también se conoce como "Windows Security Feature Bypass Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105803 http://www.securitytracker.com/id/1042138 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8549 •