CVSS: 7.6EPSS: 86%CPEs: 16EXPL: 2CVE-2018-8353 – Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
https://notcve.org/view.php?id=CVE-2018-8353
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • https://www.exploit-db.com/exploits/45279 https://github.com/whereisr0da/CVE-2018-8353-POC http://www.securityfocus.com/bid/105034 http://www.securitytracker.com/id/1041483 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8353 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2018-8343
https://notcve.org/view.php?id=CVE-2018-8343
An elevation of privilege vulnerability exists in the Network Driver Interface Specification (NDIS) when ndis.sys fails to check the length of a buffer prior to copying memory to it, aka "Windows NDIS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8342. Existe una vulnerabilidad de elevación de privilegios en Network Driver Interface Specification (NDIS) cuando ndis.sys no comprueba correctamente la longitud de un búfer antes de copiar memoria en él. Esto también se conoce como "Windows NDIS Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/104982 http://www.securitytracker.com/id/1041466 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8343 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.6EPSS: 6%CPEs: 16EXPL: 0CVE-2018-8389
https://notcve.org/view.php?id=CVE-2018-8389
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8390. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/105036 http://www.securitytracker.com/id/1041483 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8389 • CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 15EXPL: 0CVE-2018-8348
https://notcve.org/view.php?id=CVE-2018-8348
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8341. Existe una vulnerabilidad de divulgación de información cuando el kernel de Windows gestiona incorrectamente los objetos en la memoria. Esto también se conoce como "Windows Kernel Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/104992 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8348 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 53EXPL: 0CVE-2018-8360
https://notcve.org/view.php?id=CVE-2018-8360
An information disclosure vulnerability exists in Microsoft .NET Framework that could allow an attacker to access information in multi-tenant environments, aka ".NET Framework Information Disclosure Vulnerability." This affects Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. Existe una vulnerabilidad de divulgación de información en Microsoft .NET Framework que podría permitir que un atacante acceda a información en entornos multitenant. Esto también se conoce como ".NET Framework Information Disclosure Vulnerability". Esto afecta Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 2.0 y Microsoft .NET Framework 4.6/4.6.1/4.6.2. • http://www.securityfocus.com/bid/104986 http://www.securitytracker.com/id/1041462 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •