Skip to main content
CVE-2017-8597 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that Microsoft Edge handles objects in memory, aka. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 12.8%.

Microsoft Information Disclosure Windows 10
NVD
CVSS 3.0
4.3
EPSS
12.8%
CVE-2017-8688 MEDIUM PATCH This Month

Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
6.2%
CVE-2017-8679 MEDIUM PATCH This Month

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
5.5
EPSS
6.2%
CVE-2017-1508 MEDIUM This Month

IBM Informix Dynamic Server 12.1 could allow a local user logged in with database administrator user to gain root privileges. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Informix Dynamic Server
NVD
CVSS 3.0
6.7
EPSS
0.0%
CVE-2017-6330 MEDIUM This Month

Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote attackers to cause a denial of service (resource consumption) via crafted web requests.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Encryption Desktop
NVD
CVSS 3.0
6.5
EPSS
0.6%
CVE-2017-1556 MEDIUM This Month

IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular expression attack that could allow an authenticated attacker to use a regex and cause the system to slow or hang. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Api Connect
NVD
CVSS 3.0
6.5
EPSS
0.5%
CVE-2017-8643 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.4%.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
11.4%
CVE-2017-14124 MEDIUM This Month

In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when classic desktop mode is used, it is possible to start applications other than defined, even if the user does not have permissions to. Rated medium severity (CVSS 6.3). No vendor patch available.

Privilege Escalation Rp
NVD
CVSS 3.0
6.3
EPSS
0.0%
CVE-2017-8758 MEDIUM PATCH This Month

Microsoft Exchange Server 2016 allows an elevation of privilege vulnerability when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka "Microsoft Exchange. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Exchange Server
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2015-2750 MEDIUM PATCH This Month

Open redirect vulnerability in URL-related API functions in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Drupal Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2015-2749 MEDIUM PATCH This Month

Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before 7.35 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Drupal Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2017-8713 MEDIUM PATCH This Month

The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2017-8712 MEDIUM PATCH This Month

The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2017-8711 MEDIUM PATCH This Month

The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2017-8707 MEDIUM PATCH This Month

The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 8 1 Windows Server 2008 +1
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2017-8706 MEDIUM PATCH This Month

The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from. Rated medium severity (CVSS 5.3). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
3.2%
CVE-2017-8716 MEDIUM PATCH This Month

Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10
NVD
CVSS 3.0
5.3
EPSS
2.3%
CVE-2017-8745 MEDIUM PATCH This Month

An elevation of privilege vulnerability exists in Microsoft SharePoint Foundation 2013 Service Pack 1 when it does not properly sanitize a specially crafted web request to an affected SharePoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Foundation
NVD
CVSS 3.0
5.4
EPSS
1.3%
CVE-2017-8746 MEDIUM PATCH This Month

Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity.

Microsoft Authentication Bypass Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
1.7%
CVE-2017-14407 MEDIUM This Month

A stack-based buffer over-read was discovered in filterYule in gain_analysis.c in MP3Gain version 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2017-14408 MEDIUM This Month

A stack-based buffer over-read was discovered in dct36 in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2017-8629 MEDIUM PATCH This Month

Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of privilege vulnerability when it fails to properly sanitize a specially crafted web request to an affected SharePoint server, aka. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Microsoft Sharepoint Server
NVD
CVSS 3.0
5.4
EPSS
0.9%
CVE-2017-14410 MEDIUM This Month

A buffer over-read was discovered in III_i_stereo in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14406 MEDIUM This Month

A NULL pointer dereference was discovered in sync_buffer in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Mp3Gain
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2017-14431 MEDIUM PATCH This Month

Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a denial of service (ARM or x86 AMD host OS memory consumption) by continually rebooting, because certain cleanup is skipped if no. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Amd Xen
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-7560 MEDIUM This Month

It was found that rhnsd PID files are created as world-writable that allows local attackers to fill the disks or to kill selected processes. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Rhnsd
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8723 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.3
EPSS
5.8%
CVE-2017-8719 MEDIUM PATCH This Month

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
3.5%
CVE-2017-8709 MEDIUM PATCH This Month

The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and. Rated medium severity (CVSS 4.7). This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
4.7
EPSS
3.5%
CVE-2017-8704 MEDIUM PATCH This Month

The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows a denial of service vulnerability when it fails to properly validate input from an authenticated user on a. Rated medium severity (CVSS 5.3).

Denial Of Service Microsoft Windows 10 Windows Server 2016
NVD
CVSS 3.0
5.3
EPSS
0.2%
CVE-2017-8754 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.2
EPSS
5.1%
CVE-2017-8733 MEDIUM PATCH This Month

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Internet Explorer
NVD
CVSS 3.0
4.3
EPSS
3.6%
CVE-2017-8735 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
2.8%
CVE-2017-8724 MEDIUM PATCH This Month

Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
4.3
EPSS
2.8%
CVE-2017-8676 LOW PATCH Monitor

The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, 1607,. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Live Meeting Lync Office +11
NVD
CVSS 3.0
3.3
EPSS
7.6%
CVE-2015-7880 MEDIUM This Month

The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Drupal
NVD
CVSS 3.0
4.3
EPSS
0.2%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy