Skip to main content
CVE-2017-10075 HIGH POC PATCH THREAT Act Now

Vulnerability in the Oracle WebCenter Content component of Oracle Fusion Middleware (subcomponent: Content Server). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 86.3%.

Authentication Bypass Oracle Webcenter Content
NVD
CVSS 3.0
8.2
EPSS
86.3%
Threat
5.7
CVE-2017-8636 HIGH POC PATCH THREAT Act Now

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 82.7%.

Buffer Overflow RCE Microsoft Internet Explorer Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
82.7%
Threat
5.5
CVE-2017-8671 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.9%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
81.9%
Threat
5.5
CVE-2017-8656 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.9%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
81.9%
Threat
5.5
CVE-2017-8646 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.9%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
81.9%
Threat
5.5
CVE-2017-8645 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.9%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
81.9%
Threat
5.5
CVE-2017-8640 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 81.9%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
81.9%
Threat
5.5
CVE-2017-8670 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 79.0%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
79.0%
Threat
5.4
CVE-2017-8625 HIGH POC PATCH THREAT Act Now

Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to bypass Device Guard User Mode Code Integrity (UMCI) policies due to Internet Explorer failing to. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.8%.

Microsoft Privilege Escalation Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
69.8%
Threat
5.4
CVE-2017-8641 HIGH POC PATCH THREAT Act Now

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 75.6%.

Buffer Overflow RCE Microsoft Edge Internet Explorer
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
75.6%
Threat
5.3
CVE-2017-8634 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 74.4%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
74.4%
Threat
5.2
CVE-2017-8635 HIGH POC PATCH THREAT Act Now

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 58.0%.

Buffer Overflow RCE Microsoft Internet Explorer Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
58.0%
Threat
4.7
CVE-2017-8657 HIGH POC PATCH THREAT Act Now

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 57.7%.

Buffer Overflow RCE Microsoft Edge
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
57.7%
Threat
4.7
CVE-2017-8620 HIGH PATCH Act Now

Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 54.6%.

Buffer Overflow RCE Microsoft Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.1
EPSS
54.6%
CVE-2017-11155 HIGH POC THREAT Act Now

An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 29.5%.

Synology PHP Information Disclosure Photo Station
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
29.5%
CVE-2017-8691 HIGH PATCH Act Now

Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an attacker to execute code remotely on a target system when the Windows font library fails to properly handle specially crafted embedded. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 41.6%.

Buffer Overflow RCE Microsoft Windows 7 Windows Server 2008
NVD
CVSS 3.0
8.8
EPSS
41.6%
CVE-2017-10246 HIGH POC PATCH THREAT Act Now

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: iHelp). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.9%.

Authentication Bypass Oracle Application Object Library
NVD Exploit-DB
CVSS 3.0
8.2
EPSS
12.9%
CVE-2017-11152 HIGH POC THREAT Act Now

Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.1%.

Path Traversal Synology PHP Photo Station
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
14.1%
CVE-2017-11741 HIGH POC This Week

HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

RCE Hashicorp VMware Privilege Escalation Vagrant Vmware Fusion
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-10129 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.3%
CVE-2017-10204 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Oracle Vm Virtualbox
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.1%
CVE-2017-11154 HIGH POC This Week

Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Synology PHP File Upload Photo Station
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
6.9%
CVE-2017-0250 HIGH PATCH Act Now

Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 23.5%.

Buffer Overflow RCE Microsoft Windows 10 Windows 7 +5
NVD
CVSS 3.0
7.8
EPSS
23.5%
CVE-2017-8653 HIGH PATCH Act Now

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 24.3%.

Buffer Overflow RCE Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
24.3%
CVE-2017-0293 HIGH PATCH Act Now

Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.5%.

Buffer Overflow RCE Microsoft Windows 10 Windows 8 1 +4
NVD
CVSS 3.0
7.5
EPSS
22.5%
CVE-2017-8669 HIGH PATCH Act Now

Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.0%.

Buffer Overflow RCE Microsoft Edge Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
22.0%
CVE-2017-8674 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.6%
CVE-2017-8672 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.6%
CVE-2017-8655 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.6%
CVE-2017-8647 HIGH PATCH Act Now

Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.6%
CVE-2017-8639 HIGH PATCH Act Now

Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.6%
CVE-2017-8638 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.6%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.6%
CVE-2017-8661 HIGH PATCH Act Now

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way affected Microsoft scripting. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.3%.

Buffer Overflow RCE Microsoft Edge
NVD
CVSS 3.0
7.5
EPSS
17.3%
CVE-2017-8651 HIGH PATCH Act Now

Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.3%.

Buffer Overflow RCE Microsoft Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
17.3%
CVE-2017-10147 HIGH PATCH This Week

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components). Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Weblogic Server
NVD GitHub
CVSS 3.0
8.6
EPSS
8.6%
CVE-2017-8633 HIGH PATCH Act Now

Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. Epss exploitation probability 14.0%.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.5
EPSS
14.0%
CVE-2017-8503 HIGH PATCH This Week

Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to escape from the AppContainer sandbox, aka "Microsoft Edge Elevation of Privilege Vulnerability". Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2017-8664 HIGH PATCH This Week

Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2017-12678 HIGH PATCH This Week

In TagLib 1.11.1, the rebuildAggregateFrames function in id3v2framefactory.cpp has a pointer to cast vulnerability, which allows remote attackers to cause a denial of service or possibly have. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

Denial Of Service File Upload Taglib Debian Linux
NVD GitHub
CVSS 3.1
8.8
EPSS
0.6%
CVE-2017-10141 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.0
8.2
EPSS
3.3%
CVE-2017-10196 HIGH PATCH This Week

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Outside In Technology
NVD
CVSS 3.0
8.2
EPSS
3.1%
CVE-2017-10013 HIGH PATCH This Week

Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: User Interface). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit Software
NVD
CVSS 3.0
8.3
EPSS
1.9%
CVE-2017-10116 HIGH PATCH This Week

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Security). Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Java Oracle Jdk Jre +26
NVD
CVSS 3.1
8.3
EPSS
1.7%
CVE-2017-10042 HIGH PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: IKE). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Solaris
NVD
CVSS 3.0
7.5
EPSS
5.6%
CVE-2017-10036 HIGH PATCH This Week

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: NFSv4). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Oracle Solaris
NVD
CVSS 3.0
7.5
EPSS
5.6%
CVE-2017-10025 HIGH PATCH This Week

Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: BI Publisher Security). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Business Intelligence Publisher
NVD
CVSS 3.0
8.2
EPSS
1.7%
CVE-2017-10199 HIGH PATCH This Week

Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Pages). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Ilearning
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10185 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Management). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10180 HIGH PATCH This Week

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: CMRO). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
1.6%
CVE-2017-10174 HIGH PATCH This Week

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: Service Request). Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Oracle Isupport
NVD
CVSS 3.0
8.2
EPSS
1.6%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy