Filtered by vendor Microsoft Subscriptions
Filtered by product Windows 8 Subscriptions
Total 324 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2020-7808 2 Microsoft, Raonwiz 4 Windows 10, Windows 7, Windows 8 and 1 more 2024-11-21 8.7 High
In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it.
CVE-2020-7804 2 Handysoft, Microsoft 4 Groupware, Windows 10, Windows 7 and 1 more 2024-11-21 6.4 Medium
ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary command via the ShellExec method.
CVE-2019-19165 2 Inogard, Microsoft 4 Activex, Windows 10, Windows 7 and 1 more 2024-11-21 7.2 High
AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. Download of Code Without Integrity Check vulnerability in ActiveX control of Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) allows ATTACKER to cause a file download to Windows user's folder and execute. This issue affects: Inogard Co,,LTD Ebiz4u ActiveX of Inogard Co,,LTD(AxECM.cab) version 1.0.5.0 and later versions on windows 7/8/10.
CVE-2019-19161 2 Cymiinstaller322 Activex Project, Microsoft 4 Cymiinstaller322 Activex, Windows 10, Windows 7 and 1 more 2024-11-21 7.2 High
CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.
CVE-2019-19160 2 Cabsoftware, Microsoft 4 Reportexpress Proplus, Windows 10, Windows 7 and 1 more 2024-11-21 5.7 Medium
Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).
CVE-2019-14678 6 Hp, Ibm, Linux and 3 more 15 Hp-ux, Aix, Z\/os and 12 more 2024-11-21 10.0 Critical
SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Server Side Request Forgery, and/or Potential Denial of Service attacks. This vulnerability also affects the XMLV2 LIBNAME engine when the AUTOMAP option is used.
CVE-2018-7250 2 Microsoft, Tivo 5 Windows 7, Windows 8, Windows 8.1 and 2 more 2024-11-21 N/A
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. An uninitialized kernel pool allocation in IOCTL 0xCA002813 allows a local unprivileged attacker to leak 16 bits of uninitialized kernel PagedPool data.
CVE-2018-7249 2 Microsoft, Tivo 5 Windows 7, Windows 8, Windows 8.1 and 2 more 2024-11-21 N/A
An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. Two carefully timed calls to IOCTL 0xCA002813 can cause a race condition that leads to a use-after-free. When exploited, an unprivileged attacker can run arbitrary code in the kernel.
CVE-2018-6947 2 Microsoft, Nomachine 4 Windows 10, Windows 7, Windows 8 and 1 more 2024-11-21 N/A
An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 (32 and 64bit), and denial of service for Windows 8 and 10.
CVE-2018-16183 2 Microsoft, Panasonic 6 Windows 10, Windows 7, Windows 8 and 3 more 2024-11-21 N/A
An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges.
CVE-2018-16160 2 Ftsafe, Microsoft 3 Securecore, Windows 8, Windows 8.1 2024-11-21 N/A
SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC.
CVE-2017-3762 2 Lenovo, Microsoft 4 Fingerprint Manager Pro, Windows 7, Windows 8 and 1 more 2024-11-21 N/A
Sensitive data stored by Lenovo Fingerprint Manager Pro, version 8.01.86 and earlier, including users' Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system in which it is installed.
CVE-2017-14010 2 Microsoft, Spidercontrol 6 Windows 10, Windows 7, Windows 8 and 3 more 2024-11-21 N/A
In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. If the malicious DLL is loaded prior to the valid DLL, an attacker could execute arbitrary code on the system.
CVE-2017-0050 1 Microsoft 8 Windows 10, Windows 7, Windows 8 and 5 more 2024-11-21 N/A
The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
CVE-2016-0959 6 Adobe, Apple, Google and 3 more 16 Air, Air Sdk, Air Sdk \& Compiler and 13 more 2024-11-21 N/A
Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233.
CVE-2016-0018 1 Microsoft 5 Windows 10, Windows 7, Windows 8 and 2 more 2024-11-21 N/A
Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
CVE-2016-0016 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2024-11-21 N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
CVE-2016-0015 1 Microsoft 7 Windows 10, Windows 7, Windows 8 and 4 more 2024-11-21 N/A
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap Corruption Remote Code Execution Vulnerability."
CVE-2016-0014 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2024-11-21 N/A
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Elevation of Privilege Vulnerability."
CVE-2016-0008 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2024-11-21 N/A
The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability."