Vulnerabilities > Microsoft > Windows 8 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-30 | CVE-2019-19161 | Untrusted Search Path vulnerability in Cymiinstaller322 Activex Project Cymiinstaller322 Activex CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. | 6.5 |
| 2020-06-29 | CVE-2019-19160 | Insufficient Verification of Data Authenticity vulnerability in Cabsoftware Reportexpress Proplus Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp). | 6.5 |
| 2020-04-29 | CVE-2019-19165 | Download of Code Without Integrity Check vulnerability in Inogard Activex AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the activeX method. | 6.5 |
| 2019-01-09 | CVE-2018-16183 | Unquoted Search Path or Element vulnerability in Panasonic products An unquoted search path vulnerability in some pre-installed applications on Panasonic PC run on Windows 7 (32bit), Windows 7 (64bit), Windows 8 (64bit), Windows 8.1 (64bit), Windows 10 (64bit) delivered in or later than October 2009 allow local users to gain privileges via a Trojan horse executable file and execute arbitrary code with eleveted privileges. | 6.8 |
| 2018-11-15 | CVE-2018-16160 | Improper Authentication vulnerability in Ftsafe Securecore 2.0 SecureCore Standard Edition Version 2.x allows an attacker to bypass the product 's authentication to log in to a Windows PC. | 4.6 |
| 2018-04-26 | CVE-2017-14010 | Uncontrolled Search Path Element vulnerability in Spidercontrol Scada Microbrowser 1.6.30.144 In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions 1.6.30.144 and prior, an uncontrolled search path element vulnerability has been identified which could be exploited by placing a specially crafted DLL file in the search path. | 6.8 |
| 2018-02-26 | CVE-2018-7249 | Use After Free vulnerability in multiple products An issue was discovered in secdrv.sys as shipped in Microsoft Windows Vista, Windows 7, Windows 8, and Windows 8.1 before KB3086255, and as shipped in Macrovision SafeDisc. | 6.9 |
| 2016-01-13 | CVE-2016-0018 | Untrusted Search Path vulnerability in Microsoft products Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | 6.9 |
| 2016-01-13 | CVE-2016-0008 | Information Exposure vulnerability in Microsoft products The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability." | 4.3 |
| 2016-01-13 | CVE-2016-0007 | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006. | 6.9 |