# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
16651 |
CVE-2018-1063 |
59 |
|
|
2018-03-02 |
2018-04-11 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11. |
16652 |
CVE-2018-1062 |
200 |
|
+Info |
2018-03-06 |
2019-10-09 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM. |
16653 |
CVE-2018-1061 |
|
|
DoS |
2018-06-19 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. |
16654 |
CVE-2018-1060 |
|
|
DoS |
2018-06-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. |
16655 |
CVE-2018-1059 |
200 |
|
+Info |
2018-04-24 |
2018-08-21 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
The DPDK vhost-user interface does not check to verify that all the requested guest physical range is mapped and contiguous when performing Guest Physical Addresses to Host Virtual Addresses translations. This may lead to a malicious guest exposing vhost-user backend process memory. All versions before 18.02.1 are vulnerable. |
16656 |
CVE-2018-1058 |
|
|
Exec Code |
2018-03-02 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. |
16657 |
CVE-2018-1057 |
732 |
|
|
2018-03-13 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). |
16658 |
CVE-2018-1056 |
125 |
|
|
2018-07-27 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files. |
16659 |
CVE-2018-1054 |
125 |
|
DoS |
2018-03-07 |
2018-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. |
16660 |
CVE-2018-1053 |
732 |
|
|
2018-02-09 |
2019-10-09 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before 9.5.11, 9.6.x before 9.6.7 and 10.x before 10.2, pg_upgrade creates file in current working directory containing the output of `pg_dumpall -g` under umask which was in effect when the user invoked pg_upgrade, and not under 0077 which is normally used for other temporary files. This can allow an authenticated attacker to read or modify the one file, which may contain encrypted or unencrypted database passwords. The attack is infeasible if a directory mode blocks the attacker searching the current working directory or if the prevailing umask blocks the attacker opening the file. |
16661 |
CVE-2018-1052 |
200 |
|
+Info |
2018-02-09 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. |
16662 |
CVE-2018-1051 |
502 |
|
|
2018-01-25 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. |
16663 |
CVE-2018-1050 |
20 |
|
DoS |
2018-03-13 |
2019-04-09 |
2.9 |
None |
Local Network |
Medium |
Not required |
None |
None |
Partial |
All versions of Samba from 4.0.0 onwards are vulnerable to a denial of service attack when the RPC spoolss service is configured to be run as an external daemon. Missing input sanitization checks on some of the input parameters to spoolss RPC calls could cause the print spooler service to crash. |
16664 |
CVE-2018-1049 |
362 |
|
DoS |
2018-02-16 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
16665 |
CVE-2018-1048 |
22 |
|
Dir. Trav. |
2018-01-24 |
2018-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. |
16666 |
CVE-2018-1047 |
22 |
|
Dir. Trav. |
2018-01-24 |
2019-10-09 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
A flaw was found in Wildfly 9.x. A path traversal vulnerability through the org.wildfly.extension.undertow.deployment.ServletResourceManager.getResource method could lead to information disclosure of arbitrary local files. |
16667 |
CVE-2018-1045 |
79 |
|
XSS |
2018-01-22 |
2018-02-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
In Moodle 3.x, there is XSS via a calendar event name. |
16668 |
CVE-2018-1044 |
200 |
|
+Info |
2018-01-22 |
2018-02-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. |
16669 |
CVE-2018-1043 |
|
|
Bypass |
2018-01-22 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. |
16670 |
CVE-2018-1042 |
918 |
|
|
2018-01-22 |
2019-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Moodle 3.x has Server Side Request Forgery in the filepicker. |
16671 |
CVE-2018-1041 |
835 |
|
DoS |
2018-02-15 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. |
16672 |
CVE-2018-1040 |
|
|
DoS |
2018-06-14 |
2019-10-02 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
16673 |
CVE-2018-1039 |
|
|
Bypass |
2018-05-09 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. |
16674 |
CVE-2018-1037 |
200 |
|
+Info |
2018-04-11 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. |
16675 |
CVE-2018-1036 |
732 |
|
|
2018-06-14 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
16676 |
CVE-2018-1035 |
|
|
Bypass |
2018-04-18 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. |
16677 |
CVE-2018-1034 |
79 |
|
XSS |
2018-04-11 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1032. |
16678 |
CVE-2018-1032 |
79 |
|
XSS |
2018-04-11 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1014, CVE-2018-1034. |
16679 |
CVE-2018-1025 |
200 |
|
+Info |
2018-05-09 |
2018-06-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. |
16680 |
CVE-2018-1021 |
200 |
|
+Info |
2018-05-09 |
2018-06-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. |
16681 |
CVE-2018-1014 |
79 |
|
XSS |
2018-04-11 |
2019-10-02 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034. |
16682 |
CVE-2018-1008 |
|
|
|
2018-04-11 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
16683 |
CVE-2018-1007 |
200 |
|
+Info |
2018-04-11 |
2018-05-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka "Microsoft Office Information Disclosure Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-0950. |
16684 |
CVE-2018-1005 |
79 |
|
XSS |
2018-04-11 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1014, CVE-2018-1032, CVE-2018-1034. |
16685 |
CVE-2018-1000 |
200 |
|
+Info |
2018-04-11 |
2018-05-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-0989. |
16686 |
CVE-2018-0998 |
200 |
|
+Info |
2018-04-11 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. |
16687 |
CVE-2018-0989 |
200 |
|
+Info |
2018-04-11 |
2018-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0987, CVE-2018-1000. |
16688 |
CVE-2018-0987 |
200 |
|
+Info |
2018-04-11 |
2018-05-16 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0981, CVE-2018-0989, CVE-2018-1000. |
16689 |
CVE-2018-0983 |
|
|
|
2018-03-14 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". |
16690 |
CVE-2018-0982 |
732 |
|
|
2018-06-14 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka "Windows Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. |
16691 |
CVE-2018-0981 |
200 |
|
+Info |
2018-04-11 |
2018-05-16 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0987, CVE-2018-0989, CVE-2018-1000. |
16692 |
CVE-2018-0977 |
|
|
|
2018-03-14 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects are handled in memory, aka "Win32k Elevation of Privilege Vulnerability". |
16693 |
CVE-2018-0976 |
|
|
DoS |
2018-04-11 |
2019-10-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
A denial of service vulnerability exists in Remote Desktop Protocol (RDP) when an attacker connects to the target system using RDP and sends specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
16694 |
CVE-2018-0975 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974. |
16695 |
CVE-2018-0974 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0975. |
16696 |
CVE-2018-0973 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0974, CVE-2018-0975. |
16697 |
CVE-2018-0972 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0971, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. |
16698 |
CVE-2018-0971 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0970, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. |
16699 |
CVE-2018-0970 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0969, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. |
16700 |
CVE-2018-0969 |
200 |
|
Bypass +Info |
2018-04-11 |
2018-05-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka "Windows Kernel Information Disclosure Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0887, CVE-2018-0960, CVE-2018-0968, CVE-2018-0970, CVE-2018-0971, CVE-2018-0972, CVE-2018-0973, CVE-2018-0974, CVE-2018-0975. |