CVSS: 7.6EPSS: 14%CPEs: 16EXPL: 0CVE-2018-8267 – Microsoft Windows JScript Error Object Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-8267
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8243. Existe una vulnerabilidad de ejecución remota de código que se manifiesta en la forma en la que el motor de scripting gestiona los objetos en la memoria en Internet Explorer. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/104404 http://www.securitytracker.com/id/1041099 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8267 • CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 12EXPL: 1CVE-2018-8134 – Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-8134
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de elevación de privilegios por la forma en la que la API del kernel de Windows aplica los permisos. Esto también se conoce como "Windows Elevation of Privilege Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. • https://www.exploit-db.com/exploits/44630 http://www.securityfocus.com/bid/104041 http://www.securitytracker.com/id/1040849 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8134 •
CVSS: 7.5EPSS: 0%CPEs: 55EXPL: 0CVE-2018-0765
https://notcve.org/view.php?id=CVE-2018-0765
A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents, aka ".NET and .NET Core Denial of Service Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de denegación de servicio (DoS) cuando .NET y .NET Core gestionan de manera incorrecta documentos XML. Esta vulnerabilidad también se conoce como ".NET and .NET Core Denial of Service Vulnerability". Esto afecta a Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, .NET Core 2.0 y Microsoft .NET Framework 4.7.2. • http://www.securityfocus.com/bid/104060 http://www.securitytracker.com/id/1040851 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0765 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 0CVE-2018-8164 – Microsoft Windows D3DKMTCreateDCFromMemory Memory Corruption Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-8164
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8166. Existe una vulnerabilidad de elevación de privilegios en Windows cuando el componente Win32k no gestiona adecuadamente los objetos en la memoria. Esto también se conoce como "Win32k Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/104033 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8164 • CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.0EPSS: 0%CPEs: 15EXPL: 0CVE-2018-8166
https://notcve.org/view.php?id=CVE-2018-8166
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8120, CVE-2018-8124, CVE-2018-8164. Existe una vulnerabilidad de elevación de privilegios en Windows cuando el componente Win32k no gestiona adecuadamente los objetos en la memoria. Esto también se conoce como "Win32k Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/104062 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8166 • CWE-404: Improper Resource Shutdown or Release •