Skip to main content
CVE-2018-1000130 HIGH POC PATCH THREAT This Week

A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 in the proxy mode that allows a remote attacker to run arbitrary Java code on the server. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Java RCE Webarchive Agent
NVD
CVSS 3.0
8.1
EPSS
73.6%
CVE-2018-0877 HIGH POC PATCH This Week

The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
3.5%
CVE-2018-0935 HIGH POC PATCH THREAT This Week

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Buffer Overflow Microsoft RCE Use After Free Memory Corruption +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
55.9%
CVE-2018-0934 HIGH POC PATCH THREAT This Week

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Microsoft RCE Buffer Overflow Edge Chakracore
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
66.5%
CVE-2018-0933 HIGH POC PATCH THREAT This Week

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Memory Corruption Microsoft RCE Buffer Overflow Edge +1
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
66.6%
CVE-2018-0886 HIGH POC PATCH THREAT This Week

The Credential Security Support Provider protocol (CredSSP) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511,. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. Public exploit code available.

Authentication Bypass Microsoft RCE Windows 10 Windows 7 +5
NVD GitHub Exploit-DB
CVSS 3.0
7.0
EPSS
82.3%
CVE-2018-0882 HIGH POC PATCH This Week

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed,. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
2.9%
CVE-2018-0880 HIGH POC PATCH This Week

The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed,. Rated high severity (CVSS 7.0). Public exploit code available.

Microsoft Information Disclosure Windows 10 Windows Server Windows Server 2016
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
3.2%
CVE-2018-2401 HIGH This Week

SAP Business Process Automation (BPA) By Redwood does not sufficiently validate an XML document accepted from an untrusted source resulting in an XML External Entity (XXE) vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XXE SAP Sap Business Process Automation
NVD
CVSS 3.0
8.8
EPSS
1.7%
CVE-2018-0947 HIGH PATCH This Week

Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0944 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0923 HIGH PATCH This Week

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0921 HIGH PATCH This Week

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0917 HIGH PATCH This Week

Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0916 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0915 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0914 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0913 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0912 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0911 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0910 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0909 HIGH PATCH This Week

Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Project Server Sharepoint Enterprise Server
NVD
CVSS 3.0
8.8
EPSS
4.7%
CVE-2018-0787 HIGH PATCH This Week

ASP.NET Core 1.0. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Asp Net Core
NVD GitHub
CVSS 3.0
8.8
EPSS
9.9%
CVE-2018-7677 HIGH This Week

A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity Server component. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Access Manager
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-2402 HIGH This Week

In systems using the optional capture & replay functionality of SAP HANA, 1.00 and 2.00, (see SAP Note 2362820 for more information about capture & replay), user credentials may be stored in clear. Rated high severity (CVSS 8.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure SAP Hana
NVD
CVSS 3.0
8.4
EPSS
1.6%
CVE-2018-7533 HIGH This Week

An Incorrect Default Permissions issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Pi Data Archive
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-0922 HIGH PATCH This Week

Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 Click-to-Run Microsoft Office 2016 for Mac, Microsoft Office Compatibility Pack SP2, Microsoft Office Web Apps 2010 SP2, Microsoft. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Office +7
NVD
CVSS 3.0
7.8
EPSS
18.1%
CVE-2018-0907 HIGH PATCH This Week

Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Authentication Bypass Microsoft Excel Office
NVD
CVSS 3.0
7.8
EPSS
6.1%
CVE-2018-0903 HIGH PATCH This Week

Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access 2016, and Microsoft Office 2016 Click-to-Run allow a remote code execution vulnerability due to how objects are handled in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Microsoft RCE Access Office
NVD
CVSS 3.0
7.8
EPSS
16.6%
CVE-2018-0902 HIGH PATCH This Week

The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in Windows 10 Gold, 1511, 1607, 1703, and 1709. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-0884 HIGH PATCH This Week

Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to how objects are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Authentication Bypass Microsoft Windows 10 Windows Server Windows Server 2016
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2018-8100 HIGH This Week

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Denial Of Service Buffer Overflow Xpdf
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2018-1437 HIGH PATCH This Week

IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary code on the system, caused by an error related to multiple untrusted search path. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM RCE Notes
NVD
CVSS 3.0
7.8
EPSS
2.3%
CVE-2018-1435 HIGH PATCH This Week

IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

IBM RCE Notes
NVD
CVSS 3.0
7.8
EPSS
2.6%
CVE-2018-1386 HIGH This Week

IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, 9.1, 9.2, 9.3, and 9.4) contains directories with improper permissions that could allow a local user to with special access to gain. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

IBM Information Disclosure Tivoli Workload Scheduler
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2018-2400 HIGH This Week

Under certain conditions SAP Business Process Automation (BPA) By Redwood, 9.00, 9.10, allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Sap Business Process Automation
NVD
CVSS 3.0
7.5
EPSS
1.7%
CVE-2018-2398 HIGH This Week

Under certain conditions SAP Business Client 6.5 allows an attacker to access information which would otherwise be restricted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure SAP Business Client
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2018-7529 HIGH This Week

A Deserialization of Untrusted Data issue was discovered in OSIsoft PI Data Archive versions 2017 and prior. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Deserialization Pi Data Archive
NVD
CVSS 3.0
7.5
EPSS
2.1%
CVE-2018-1077 HIGH This Week

Spacewalk 2.6 contains an API which has an XXE flaw allowing for the disclosure of potentially sensitive information from the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Spacewalk Satellite
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-1000121 HIGH PATCH This Week

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Null Pointer Dereference Denial Of Service Debian Linux Ubuntu Linux Curl +6
NVD
CVSS 3.0
7.5
EPSS
9.6%
CVE-2018-0937 HIGH PATCH This Week

ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.6%
CVE-2018-0936 HIGH PATCH This Week

ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.6%
CVE-2018-0931 HIGH PATCH This Week

ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
11.7%
CVE-2018-0930 HIGH PATCH This Week

ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
11.8%
CVE-2018-0925 HIGH PATCH This Week

ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Buffer Overflow Chakracore
NVD
CVSS 3.0
7.5
EPSS
11.7%
CVE-2018-0893 HIGH PATCH This Week

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
26.8%
CVE-2018-0889 HIGH PATCH This Week

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Internet Explorer
NVD
CVSS 3.0
7.5
EPSS
15.9%
CVE-2018-0883 HIGH PATCH This Week

Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, Windows Server 2016 and Windows. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Microsoft RCE Windows 10 Windows 7 Windows 8 1 +5
NVD
CVSS 3.0
7.5
EPSS
15.1%
CVE-2018-0879 HIGH PATCH This Week

Microsoft Edge in Windows 10 1709 allows information disclosure, due to how Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Microsoft Information Disclosure Edge
NVD
CVSS 3.0
7.5
EPSS
8.6%
CVE-2018-0876 HIGH PATCH This Week

Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption Microsoft RCE Buffer Overflow Edge
NVD
CVSS 3.0
7.5
EPSS
15.9%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy