Filtered by vendor Microsoft
Subscribe
Total
19339 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8555 | 1 Microsoft | 2 Edge, Windows 10 | 2017-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530. | |||||
| CVE-2017-8521 | 1 Microsoft | 2 Edge, Windows 10 | 2017-06-21 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user when the Edge JavaScript scripting engine fails to handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8499, CVE-2017-8520, CVE-2017-8548, and CVE-2017-8549. | |||||
| CVE-2017-8504 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8498. | |||||
| CVE-2017-8498 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-06-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8504. | |||||
| CVE-2017-8513 | 1 Microsoft | 2 Powerpoint, Sharepoint Server | 2017-06-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". | |||||
| CVE-2017-8474 | 1 Microsoft | 6 Windows 10, Windows 7, Windows 8.1 and 3 more | 2017-06-20 | 1.9 LOW | 5.0 MEDIUM |
| The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8478, CVE-2017-8479, CVE-2017-8476, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. | |||||
| CVE-2017-9428 | 2 Bigtreecms, Microsoft | 2 Bigtree Cms, Windows | 2017-06-06 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in core\admin\ajax\developer\extensions\file-browser.php in BigTree CMS through 4.2.18 on Windows, allowing attackers to read arbitrary files via ..\ sequences in the directory parameter. | |||||
| CVE-2017-0351 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-06-05 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA GPU Display Driver contain a vulnerability in the kernel mode layer handler where a NULL pointer dereference caused by invalid user input may lead to denial of service or potential escalation of privileges. | |||||
| CVE-2017-0171 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2017-05-25 | 4.3 MEDIUM | 5.9 MEDIUM |
| Windows DNS Server allows a denial of service vulnerability when Microsoft Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 are configured to answer version queries, aka "Windows DNS Server Denial of Service Vulnerability". | |||||
| CVE-2017-0355 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-05-25 | 4.9 MEDIUM | 5.5 MEDIUM |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service. | |||||
| CVE-2017-0349 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-05-25 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is not correctly validated before it is dereferenced for a write operation, may lead to denial of service or potential escalation of privileges. | |||||
| CVE-2017-0346 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2017-05-25 | 7.2 HIGH | 7.8 HIGH |
| All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | |||||
| CVE-2016-6110 | 3 Ibm, Linux, Microsoft | 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more | 2017-05-25 | 2.1 LOW | 6.5 MEDIUM |
| IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||||
| CVE-2017-0252 | 1 Microsoft | 1 Edge | 2017-05-24 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223. | |||||
| CVE-2017-0255 | 1 Microsoft | 1 Sharepoint Foundation | 2017-05-23 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability". | |||||
| CVE-2017-0264 | 1 Microsoft | 1 Powerpoint For Mac | 2017-05-23 | 9.3 HIGH | 7.8 HIGH |
| Microsoft PowerPoint for Mac 2011 allows a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0254 and CVE-2017-0265. | |||||
| CVE-2017-0221 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | |||||
| CVE-2017-0266 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability." | |||||
| CVE-2017-0238 | 1 Microsoft | 2 Edge, Internet Explorer | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. | |||||
| CVE-2017-0235 | 1 Microsoft | 1 Edge | 2017-05-23 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. | |||||