CVSS: 4.3EPSS: 9%CPEs: 14EXPL: 1CVE-2018-0878 – Microsoft Windows Remote Assistance XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-0878
Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to how XML External Entities (XXE) are processed, aka "Windows Remote Assistance Information Disclosure Vulnerability". Windows Remote Assistance en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permite una vulnerabilidad de divulgación de información debido a la forma en la que se procesan los XEE (XML External Entity). Esto también se conoce como "Windows Remote Assistance Information Disclosure Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of .msrcIncident Remote Assistance invitation files. • https://www.exploit-db.com/exploits/44352 http://www.securityfocus.com/bid/103230 http://www.securitytracker.com/id/1040519 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0878 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 0CVE-2018-0900
https://notcve.org/view.php?id=CVE-2018-0900
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 and CVE-2018-0926. El kernel de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permite una vulnerabilidad de divulgación de información debido a la forma en la que se gestionan las direcciones de memoria. Esto también se conoce como "Windows Kernel Information Disclosure Vulnerability". El ID de este CVE es diferente de CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0901 y CVE-2018-0926. • http://www.securityfocus.com/bid/103244 http://www.securitytracker.com/id/1040517 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0900 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 14EXPL: 0CVE-2018-0814
https://notcve.org/view.php?id=CVE-2018-0814
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way objects are initialized in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0901 and CVE-2018-0926. El kernel de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permite una vulnerabilidad de divulgación de información debido a la forma en la que se inicializan los objetos en la memoria. Esto también se conoce como "Windows Kernel Information Disclosure Vulnerability". El ID de este CVE es diferente de CVE-2018-0811, CVE-2018-0813, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, CVE-2018-0901 y CVE-2018-0926. • http://www.securityfocus.com/bid/103251 http://www.securitytracker.com/id/1040517 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0814 • CWE-665: Improper Initialization •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2018-0929 – Microsoft Internet Explorer VML textpath Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-0929
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow information disclosure, due to how Internet Explorer handles objects in memory, aka "Internet Explorer Information Disclosure Vulnerability". Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 SP2 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703, 1709 y Windows Server 2016 permite la divulgación de información por la manera en la que Internet Explorer gestiona los objetos en la memoria. Esto también se conoce como "Internet Explorer Information Disclosure Vulnerability". This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of VML markup that displays text along a path. • http://www.securityfocus.com/bid/103299 http://www.securitytracker.com/id/1040510 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0929 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.7EPSS: 0%CPEs: 14EXPL: 1CVE-2018-0901 – Microsoft Windows Kernel - 'nt!NtWaitForDebugEvent' 64-bit Stack Memory Disclosure
https://notcve.org/view.php?id=CVE-2018-0901
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an information disclosure vulnerability due to the way memory addresses are handled, aka "Windows Kernel Information Disclosure Vulnerability". This CVE is unique from CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900, and CVE-2018-0926. El kernel de Windows en Microsoft Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1 y RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permite una vulnerabilidad de divulgación de información debido a la forma en la que se gestionan las direcciones de memoria. Esto también se conoce como "Windows Kernel Information Disclosure Vulnerability". El ID de este CVE es diferente de CVE-2018-0811, CVE-2018-0813, CVE-2018-0814, CVE-2018-0894, CVE-2018-0895, CVE-2018-0896, CVE-2018-0897, CVE-2018-0898, CVE-2018-0899, CVE-2018-0900 y CVE-2018-0926. • https://www.exploit-db.com/exploits/44311 http://www.securityfocus.com/bid/103245 http://www.securitytracker.com/id/1040517 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0901 • CWE-401: Missing Release of Memory after Effective Lifetime CWE-665: Improper Initialization •