Vulnerabilities > Microsoft > Windows
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-22 | CVE-2018-1000201 | Untrusted Search Path vulnerability in Ruby-Ffi Project Ruby-Ffi ruby-ffi version 1.9.23 and earlier has a DLL loading issue which can be hijacked on Windows OS, when a Symbol is used as DLL name instead of a String This vulnerability appears to have been fixed in v1.9.24 and later. | 6.8 |
2018-06-21 | CVE-2018-0373 | Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client A vulnerability in vpnva-6.sys for 32-bit Windows and vpnva64-6.sys for 64-bit Windows of Cisco AnyConnect Secure Mobility Client for Windows Desktop could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected system. | 4.9 |
2018-06-14 | CVE-2018-6516 | Unspecified vulnerability in Puppet Enterprise Client Tools On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation. | 6.8 |
2018-06-11 | CVE-2017-7845 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird A buffer overflow occurs when drawing and validating elements using Direct 3D 9 with the ANGLE graphics library, used for WebGL content. | 9.3 |
2018-06-11 | CVE-2017-7804 | Improper Input Validation vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. | 5.0 |
2018-06-11 | CVE-2017-7796 | Improper Input Validation vulnerability in Mozilla Firefox On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. | 3.3 |
2018-06-11 | CVE-2017-7790 | Unspecified vulnerability in Mozilla Firefox On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. | 5.0 |
2018-06-11 | CVE-2017-7782 | Improper Privilege Management vulnerability in Mozilla Firefox, Firefox ESR and Thunderbird An error in the "WindowsDllDetourPatcher" where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections. | 5.0 |
2018-06-11 | CVE-2017-7768 | Information Exposure vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Maintenance Service can be invoked by an unprivileged user to read 32 bytes of any arbitrary file on the local system by convincing the service that it is reading a status file provided by the Mozilla Windows Updater. | 2.1 |
2018-06-11 | CVE-2017-7767 | Improper Privilege Management vulnerability in Mozilla Firefox and Firefox ESR The Mozilla Maintenance Service can be invoked by an unprivileged user to overwrite arbitrary files with junk data using the Mozilla Windows Updater, which runs with the Maintenance Service's privileged access. | 2.1 |