CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2018-8335
https://notcve.org/view.php?id=CVE-2018-8335
A denial of service vulnerability exists in the Microsoft Server Block Message (SMB) when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. Existe una vulnerabilidad de denegación de servicio (DoS) en Microsoft Server Block Message (SBM) cuando un atacante envía peticiones especialmente manipuladas al servidor. Esto también se conoce como "Windows SMB Denial of Service Vulnerability". Esto afecta a Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10 y Windows 10 Servers. • http://www.securityfocus.com/bid/105224 http://www.securitytracker.com/id/1041634 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8335 •
CVSS: 6.1EPSS: 0%CPEs: 12EXPL: 0CVE-2018-8470
https://notcve.org/view.php?id=CVE-2018-8470
A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11. Existe una vulnerabilidad de omisión de la característica de seguridad en Internet Explorer debido a la forma en la que se gestionan los scripts que permite una condición de Cross-Site Scripting Universal (UXSS). Esto también se conoce como "Internet Explorer Security Feature Bypass Vulnerability". Esto afecta a Internet Explorer 11. • http://www.securityfocus.com/bid/105267 http://www.securitytracker.com/id/1041632 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 19%CPEs: 67EXPL: 1CVE-2018-8284
https://notcve.org/view.php?id=CVE-2018-8284
A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka ".NET Framework Remote Code Injection Vulnerability." This affects Microsoft .NET Framework 2.0, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft .NET Framework no valida las entradas correctamente. Esto también se conoce como ".NET Framework Remote Code Injection Vulnerability". Esto afecta a Microsoft .NET Framework 2.0; Microsoft .NET Framework 3.0; Microsoft .NET Framework 4.6.2, 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.5.2; Microsoft .NET Framework 4.6; Microsoft .NET Framework 4.7, 4.7.1 y 4.7.2; Microsoft .NET Framework 4.7.1 y 4.7.2; Microsoft .NET Framework 3.5; Microsoft .NET Framework 3.5.1; Microsoft .NET Framework 4.6, 4.6.1 y 4.6.2; Microsoft .NET Framework 4.6,4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.1 y 4.7.2 y Microsoft .NET Framework 4.7.2. • https://github.com/quantiti/CVE-2018-8284-Sharepoint-RCE http://www.securityfocus.com/bid/104667 http://www.securitytracker.com/id/1041257 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8284 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 94%CPEs: 22EXPL: 1CVE-2018-0986 – Microsoft Windows Defender - 'mpengine.dll' Memory Corruption
https://notcve.org/view.php?id=CVE-2018-0986
A remote code execution vulnerability exists when the Microsoft Malware Protection Engine does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability." This affects Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center, Microsoft Forefront Endpoint Protection. Existe una vulnerabilidad de ejecución remota de código cuando Microsoft Malware Protection Engine no escanea correctamente un archivo especialmente manipulado. Esto desemboca en una corrupción de memoria, también conocida como "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". Esto afecta a Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center Endpoint Protection, Microsoft Exchange Server, Microsoft System Center y Microsoft Forefront Endpoint Protection. • https://www.exploit-db.com/exploits/44402 http://www.securityfocus.com/bid/103593 http://www.securitytracker.com/id/1040631 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0986 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 16%CPEs: 15EXPL: 0CVE-2017-11940
https://notcve.org/view.php?id=CVE-2017-11940
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to remote code execution. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". This is different than CVE-2017-11937. Microsoft Malware Protection Engine, tal y como se ejecuta en Microsoft Forefront y Microsoft Defender en Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows 10 Gold, 1511, 1607 y 1703, 1709 y Windows Server 2016; Windows Server versión 1709 y Microsoft Exchange Server 2013 y 2016, no escanea correctamente un archivo especialmente manipulado. Esto conduce a la ejecución remota de código. Esto también se conoce como "Microsoft Malware Protection Engine Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/102104 http://www.securitytracker.com/id/1039972 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11940 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •