Skip to main content
CVE-2017-0059 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB
CVSS 3.1
4.3
EPSS
83.9%
Threat
6.4
CVE-2017-0022 MEDIUM POC KEV PATCH THREAT Act Now

Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and 1607; Windows 7 SP1; Windows 8.1; Windows RT 8.1; Windows Server 2008 SP2 and R2 SP1; Windows Server 2012 Gold and R2; Windows Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Buffer Overflow Information Disclosure Microsoft
NVD
CVSS 3.1
6.5
EPSS
44.1%
Threat
5.6
CVE-2017-0016 MEDIUM PATCH This Month

Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 49.2%.

Null Pointer Dereference Denial Of Service Microsoft RCE Windows 10 +4
NVD
CVSS 3.0
5.9
EPSS
49.2%
CVE-2017-0105 MEDIUM PATCH This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 43.2%.

Microsoft Information Disclosure Office Office Compatibility Pack Office Web Apps +4
NVD
CVSS 3.0
5.5
EPSS
43.2%
CVE-2017-0063 MEDIUM POC PATCH THREAT This Month

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 16.3%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
16.3%
CVE-2017-0061 MEDIUM POC PATCH THREAT This Month

The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 18.5%.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
18.5%
CVE-2017-0121 MEDIUM POC PATCH THREAT This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.0%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
13.0%
CVE-2017-0118 MEDIUM POC PATCH THREAT This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +5
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
12.4%
CVE-2017-0027 MEDIUM PATCH This Month

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. Epss exploitation probability 29.7%.

Microsoft Information Disclosure Excel Office Compatibility Pack Sharepoint Server
NVD
CVSS 3.0
4.7
EPSS
29.7%
CVE-2017-0057 MEDIUM PATCH This Month

DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 fails to properly process DNS queries, which allows remote. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.1%.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Rt 8 1 +2
NVD
CVSS 3.0
4.3
EPSS
31.1%
CVE-2017-0128 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0127 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0126 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0125 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0123 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0122 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0120 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0119 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0117 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0116 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0114 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0113 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0112 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0111 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0092 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0091 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0085 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
9.7%
CVE-2017-0045 MEDIUM POC PATCH This Month

Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Microsoft CSRF Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.6%
CVE-2017-0060 MEDIUM POC PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD Exploit-DB
CVSS 3.1
5.5
EPSS
3.3%
CVE-2015-3883 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Qdpm
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2014-8703 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Wondercms
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2017-0029 MEDIUM PATCH This Month

Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 22.6%.

Denial Of Service Microsoft Office Word
NVD
CVSS 3.0
5.5
EPSS
22.6%
CVE-2017-0065 MEDIUM PATCH This Month

Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." This vulnerability is. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.2%.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
27.2%
CVE-2017-0124 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
6.4%
CVE-2017-0115 MEDIUM POC PATCH This Month

Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 7 Windows Server 2008 Windows Vista
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
6.4%
CVE-2017-6965 MEDIUM POC This Month

readelf in GNU Binutils 2.28 writes to illegal addresses while processing corrupt input files containing symbol-difference relocations, leading to a heap-based buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6966 MEDIUM POC This Month

readelf in GNU Binutils 2.28 has a use-after-free (specifically read-after-free) error while processing multiple, relocated sections in an MSP430 binary. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Use After Free Information Disclosure Binutils
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2014-8707 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pluck
NVD
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-8702 MEDIUM POC This Month

Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Wondercms
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2015-3882 MEDIUM POC This Month

qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Qdpm
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2014-8723 MEDIUM POC This Month

GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymous_data.php or (2) plugins/InnovationPlugin.php, which reveals the installation. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Getsimple Cms
NVD
CVSS 3.0
5.3
EPSS
0.3%
CVE-2014-8706 MEDIUM POC This Month

Pluck CMS 4.7.2 allows remote attackers to obtain sensitive information by (1) changing "PHPSESSID" to an array; (2) adding non-alphanumeric chars to "PHPSESSID"; (3) changing the image parameter to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Pluck
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-6370 MEDIUM POC This Month

TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in cases with an https Referer, which allows remote attackers to obtain sensitive cleartext information by sniffing the network. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Typo3
NVD GitHub
CVSS 3.0
5.3
EPSS
0.1%
CVE-2017-0062 MEDIUM POC PATCH This Month

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10. Rated medium severity (CVSS 4.7). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
4.7
EPSS
2.8%
CVE-2017-0066 MEDIUM PATCH This Month

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 23.8%.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.2
EPSS
23.8%
CVE-2017-0068 MEDIUM PATCH This Month

Browsers in Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.1%.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
23.1%
CVE-2017-0049 MEDIUM PATCH This Month

The VBScript engine in Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.0%.

Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
22.0%
CVE-2017-0135 MEDIUM PATCH This Month

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.5%.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.2
EPSS
22.5%
CVE-2017-0140 MEDIUM PATCH This Month

Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.9%.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.2
EPSS
14.9%
CVE-2017-0008 MEDIUM PATCH This Month

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
11.4%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy