# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
19701 |
CVE-2018-1067 |
113 |
|
Http R.Spl. |
2018-05-21 |
2019-10-09 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
In Undertow before versions 7.1.2.CR1, 7.1.2.GA it was found that the fix for CVE-2016-4993 was incomplete and Undertow web server is vulnerable to the injection of arbitrary HTTP headers, and also response splitting, due to insufficient sanitization and validation of user input before the input is used as part of an HTTP header value. |
19702 |
CVE-2018-1066 |
476 |
|
|
2018-03-02 |
2019-04-23 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. |
19703 |
CVE-2018-1065 |
476 |
|
DoS |
2018-03-02 |
2018-10-31 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
The netfilter subsystem in the Linux kernel through 4.15.7 mishandles the case of a rule blob that contains a jump but lacks a user-defined chain, which allows local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c. |
19704 |
CVE-2018-1064 |
400 |
|
|
2018-03-28 |
2018-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
libvirt version before 4.2.0-rc1 is vulnerable to a resource exhaustion as a result of an incomplete fix for CVE-2018-5748 that affects QEMU monitor but now also triggered via QEMU guest agent. |
19705 |
CVE-2018-1061 |
|
|
DoS |
2018-06-19 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in the difflib.IS_LINE_JUNK method. An attacker could use this flaw to cause denial of service. |
19706 |
CVE-2018-1060 |
|
|
DoS |
2018-06-18 |
2019-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python before versions 2.7.15, 3.4.9, 3.5.6rc1, 3.6.5rc1 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service. |
19707 |
CVE-2018-1058 |
|
|
Exec Code |
2018-03-02 |
2019-10-09 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
A flaw was found in the way Postgresql allowed a user to modify the behavior of a query for other users. An attacker with a user account could use this flaw to execute code with the permissions of superuser in the database. Versions 9.3 through 10 are affected. |
19708 |
CVE-2018-1057 |
732 |
|
|
2018-03-13 |
2019-10-02 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 onwards incorrectly validates permissions to modify passwords over LDAP allowing authenticated users to change any other users' passwords, including administrative users and privileged service accounts (eg Domain Controllers). |
19709 |
CVE-2018-1056 |
125 |
|
|
2018-07-27 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
An out-of-bounds heap buffer read flaw was found in the way advancecomp before 2.1-2018/02 handled processing of ZIP files. An attacker could potentially use this flaw to crash the advzip utility by tricking it into processing crafted ZIP files. |
19710 |
CVE-2018-1054 |
125 |
|
DoS |
2018-03-07 |
2018-07-16 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
An out-of-bounds memory read flaw was found in the way 389-ds-base handled certain LDAP search filters, affecting all versions including 1.4.x. A remote, unauthenticated attacker could potentially use this flaw to make ns-slapd crash via a specially crafted LDAP request, thus resulting in denial of service. |
19711 |
CVE-2018-1052 |
200 |
|
+Info |
2018-02-09 |
2019-10-09 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Memory disclosure vulnerability in table partitioning was found in postgresql 10.x before 10.2, allowing an authenticated attacker to read arbitrary bytes of server memory via purpose-crafted insert to a partitioned table. |
19712 |
CVE-2018-1051 |
502 |
|
|
2018-01-25 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. |
19713 |
CVE-2018-1049 |
362 |
|
DoS |
2018-02-16 |
2019-10-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
In systemd prior to 234 a race condition exists between .mount and .automount units such that automount requests from kernel may not be serviced by systemd resulting in kernel holding the mountpoint and any processes that try to use said mount will hang. A race condition like this may lead to denial of service, until mount points are unmounted. |
19714 |
CVE-2018-1048 |
22 |
|
Dir. Trav. |
2018-01-24 |
2018-03-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
It was found that the AJP connector in undertow, as shipped in Jboss EAP 7.1.0.GA, does not use the ALLOW_ENCODED_SLASH option and thus allow the the slash / anti-slash characters encoded in the url which may lead to path traversal and result in the information disclosure of arbitrary local files. |
19715 |
CVE-2018-1046 |
119 |
|
Exec Code Overflow |
2018-07-16 |
2019-10-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. |
19716 |
CVE-2018-1044 |
200 |
|
+Info |
2018-01-22 |
2018-02-05 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
In Moodle 3.x, quiz web services allow students to see quiz results when it is prohibited in the settings. |
19717 |
CVE-2018-1043 |
|
|
Bypass |
2018-01-22 |
2019-10-02 |
4.0 |
None |
Remote |
Low |
Single system |
None |
Partial |
None |
In Moodle 3.x, the setting for blocked hosts list can be bypassed with multiple A record hostnames. |
19718 |
CVE-2018-1042 |
918 |
|
|
2018-01-22 |
2019-07-27 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
Moodle 3.x has Server Side Request Forgery in the filepicker. |
19719 |
CVE-2018-1041 |
835 |
|
DoS |
2018-02-15 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop. |
19720 |
CVE-2018-1040 |
|
|
DoS |
2018-06-14 |
2019-10-02 |
5.4 |
None |
Remote |
High |
Not required |
None |
None |
Complete |
A denial of service vulnerability exists in the way that the Windows Code Integrity Module performs hashing, aka "Windows Code Integrity Module Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
19721 |
CVE-2018-1039 |
|
|
Bypass |
2018-05-09 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2. |
19722 |
CVE-2018-1038 |
|
|
|
2018-04-02 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." |
19723 |
CVE-2018-1037 |
200 |
|
+Info |
2018-04-11 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio. |
19724 |
CVE-2018-1036 |
732 |
|
|
2018-06-14 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists when NTFS improperly checks access, aka "NTFS Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
19725 |
CVE-2018-1035 |
|
|
Bypass |
2018-04-18 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows 10, Windows 10 Servers. |
19726 |
CVE-2018-1030 |
|
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1026. |
19727 |
CVE-2018-1029 |
119 |
|
Exec Code Overflow |
2018-04-11 |
2018-05-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027. |
19728 |
CVE-2018-1028 |
94 |
|
Exec Code |
2018-04-11 |
2018-05-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when the Office graphics component improperly handles specially crafted embedded fonts, aka "Microsoft Office Graphics Remote Code Execution Vulnerability." This affects Word, Microsoft Office, Microsoft SharePoint, Excel, Microsoft SharePoint Server. |
19729 |
CVE-2018-1027 |
119 |
|
Exec Code Overflow |
2018-04-11 |
2018-05-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029. |
19730 |
CVE-2018-1026 |
|
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka "Microsoft Office Remote Code Execution Vulnerability." This affects Microsoft Office. This CVE ID is unique from CVE-2018-1030. |
19731 |
CVE-2018-1025 |
200 |
|
+Info |
2018-05-09 |
2018-06-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge. |
19732 |
CVE-2018-1023 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-04-11 |
2018-05-15 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. |
19733 |
CVE-2018-1022 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-05-09 |
2018-06-05 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
19734 |
CVE-2018-1021 |
200 |
|
+Info |
2018-05-09 |
2018-06-05 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Microsoft Edge improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8123. |
19735 |
CVE-2018-1020 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-04-11 |
2018-05-15 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1018. |
19736 |
CVE-2018-1019 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-04-11 |
2018-05-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995. |
19737 |
CVE-2018-1018 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-04-11 |
2018-05-15 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-0870, CVE-2018-0991, CVE-2018-0997, CVE-2018-1020. |
19738 |
CVE-2018-1016 |
20 |
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1015. |
19739 |
CVE-2018-1015 |
20 |
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1013, CVE-2018-1016. |
19740 |
CVE-2018-1014 |
79 |
|
XSS |
2018-04-11 |
2019-10-02 |
4.9 |
None |
Remote |
Medium |
Single system |
Partial |
Partial |
None |
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-1005, CVE-2018-1032, CVE-2018-1034. |
19741 |
CVE-2018-1013 |
20 |
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1012, CVE-2018-1015, CVE-2018-1016. |
19742 |
CVE-2018-1012 |
20 |
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1010, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. |
19743 |
CVE-2018-1011 |
119 |
|
Exec Code Overflow |
2018-04-11 |
2018-05-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1027, CVE-2018-1029. |
19744 |
CVE-2018-1010 |
20 |
|
Exec Code |
2018-04-11 |
2019-10-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka "Microsoft Graphics Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-1012, CVE-2018-1013, CVE-2018-1015, CVE-2018-1016. |
19745 |
CVE-2018-1009 |
|
|
|
2018-04-11 |
2019-10-02 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists when Windows improperly handles objects in memory and incorrectly maps kernel memory, aka "Microsoft DirectX Graphics Kernel Subsystem Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. |
19746 |
CVE-2018-1008 |
|
|
|
2018-04-11 |
2019-10-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
An elevation of privilege vulnerability exists in Windows Adobe Type Manager Font Driver (ATMFD.dll) when it fails to properly handle objects in memory, aka "OpenType Font Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. |
19747 |
CVE-2018-1004 |
119 |
|
Exec Code Overflow |
2018-04-11 |
2018-05-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Internet Explorer 9, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. |
19748 |
CVE-2018-1003 |
119 |
|
Exec Code Overflow |
2018-04-11 |
2018-05-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka "Microsoft JET Database Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10. |
19749 |
CVE-2018-1001 |
119 |
|
Exec Code Overflow Mem. Corr. |
2018-04-11 |
2018-05-15 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-0988, CVE-2018-0996. |
19750 |
CVE-2018-0998 |
200 |
|
+Info |
2018-04-11 |
2018-05-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-0892. |