Search
Total
21119 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-0789 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2019-10-03 | 9.0 HIGH | 8.8 HIGH |
| Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0790. | |||||
| CVE-2018-0790 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2019-10-03 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 and Microsoft SharePoint Server 2016 allow an elevation of privilege vulnerability due to the way web requests are handled, aka "Microsoft SharePoint Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0789. | |||||
| CVE-2018-0791 | 1 Microsoft | 2 Office, Outlook | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, and Microsoft Outlook 2016 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0793. | |||||
| CVE-2018-0793 | 1 Microsoft | 3 Office, Office Compatibility Pack, Word | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook 2013 allow a remote code execution vulnerability due to the way email messages are parsed, aka "Microsoft Outlook Remote Code Execution Vulnerability". This CVE is unique from CVE-2018-0791. | |||||
| CVE-2018-0808 | 1 Microsoft | 1 Asp.net Core | 2019-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784. | |||||
| CVE-2018-0809 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Windows kernel in Windows 10, versions 1703 and 1709, and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0820 and CVE-2018-0843. | |||||
| CVE-2018-0815 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows 7 SP1 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0816, and CVE-2018-0817. | |||||
| CVE-2018-0816 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0817. | |||||
| CVE-2018-0817 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| The Windows Graphics Device Interface (GDI) in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows GDI Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0815 and CVE-2018-0816. | |||||
| CVE-2018-0818 | 1 Microsoft | 1 Chakracore | 2019-10-03 | 8.5 HIGH | 7.5 HIGH |
| Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting Engine Security Feature Bypass". | |||||
| CVE-2018-0819 | 1 Microsoft | 1 Office | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Office 2016 for Mac allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses, aka "Spoofing Vulnerability in Microsoft Office for Mac." | |||||
| CVE-2018-0820 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Kernel Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0742, CVE-2018-0756, CVE-2018-0809 and CVE-2018-0843. | |||||
| CVE-2018-0822 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0823 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0826 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.4 MEDIUM | 7.0 HIGH |
| Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0827 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 5.3 MEDIUM |
| Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability". | |||||
| CVE-2018-0831 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0854 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 5.3 MEDIUM |
| A security feature bypass vulnerability exists in Windows Scripting Host which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0958, CVE-2018-8129, CVE-2018-8132. | |||||
| CVE-2018-0841 | 1 Microsoft | 1 Office | 2019-10-03 | 9.3 HIGH | 8.8 HIGH |
| Microsoft Office 2016 Click-to-Run allows a remote code execution vulnerability due to how objects are handled in memory, aka "Office Remote Code Execution Vulnerability" | |||||
| CVE-2018-0842 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.9 MEDIUM | 7.0 HIGH |
| Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Kernel Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0844 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0846. | |||||
| CVE-2018-0846 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how objects in memory are handled, aka "Windows Common Log File System Driver Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0844. | |||||
| CVE-2018-0850 | 1 Microsoft | 2 Office, Outlook | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook 2013, Microsoft Outlook 2016, and Microsoft Office 2016 Click-to-Run allow an elevation of privilege vulnerability due to how the format of incoming message is validated, aka "Microsoft Outlook Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0890 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 3.5 LOW | 5.3 MEDIUM |
| A security feature bypass vulnerability exists when Active Directory incorrectly applies Network Isolation settings, aka "Active Directory Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-0907 | 1 Microsoft | 2 Excel, Office | 2019-10-03 | 6.8 MEDIUM | 7.8 HIGH |
| Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel 2013 SP1, Microsoft Excel 2016, Microsoft Office 2016 Click-to-Run and Microsoft Office 2016 for Mac allow a security feature bypass vulnerability due to how macro settings are enforced, aka "Microsoft Office Excel Security Feature Bypass". | |||||
| CVE-2018-0942 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2019-10-03 | 2.1 LOW | 2.6 LOW |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow elevation of privilege, due to how Internet Explorer handles zone and integrity settings, aka "Internet Explorer Elevation of Privilege Vulnerability". | |||||
| CVE-2018-0949 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. | |||||
| CVE-2018-0952 | 1 Microsoft | 4 Visual Studio 2015, Visual Studio 2017, Windows 10 and 1 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| An Elevation of Privilege vulnerability exists when Diagnostics Hub Standard Collector allows file creation in arbitrary locations, aka "Diagnostic Hub Standard Collector Elevation Of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Microsoft Visual Studio, Windows 10 Servers. | |||||
| CVE-2018-0958 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 5.3 MEDIUM |
| A security feature bypass vulnerability exists in Windows which could allow an attacker to bypass Device Guard, aka "Windows Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-0854, CVE-2018-8129, CVE-2018-8132. | |||||
| CVE-2018-0963 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-0967 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 6.3 MEDIUM | 5.3 MEDIUM |
| A denial of service vulnerability exists in the way that Windows SNMP Service handles malformed SNMP traps, aka "Windows SNMP Service Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2018-2967 | 1 Oracle | 1 Primavera Unifier | 2019-10-03 | 2.1 LOW | 5.3 MEDIUM |
| Vulnerability in the Primavera Unifier component of Oracle Construction and Engineering Suite (subcomponent: Core). Supported versions that are affected are 16.x, 17.x and 18.x. Easily exploitable vulnerability allows physical access to compromise Primavera Unifier. While the vulnerability is in Primavera Unifier, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera Unifier accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2017-0159 | 1 Microsoft | 3 Windows 10, Windows Server 2012, Windows Server 2016 | 2019-10-03 | 4.3 MEDIUM | 3.7 LOW |
| A security feature bypass vulnerability exists in Windows 10 1607, Windows Server 2012 R2, and Windows 2016 when ADFS incorrectly treats requests coming from Extranet clients as Intranet requests, aka "ADFS Security Feature Bypass Vulnerability." | |||||
| CVE-2017-0001 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0005, CVE-2017-0025, and CVE-2017-0047. | |||||
| CVE-2017-0002 | 1 Microsoft | 1 Edge | 2019-10-03 | 6.8 MEDIUM | 8.8 HIGH |
| Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." | |||||
| CVE-2017-0010 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2019-10-03 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | |||||
| CVE-2017-0014 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2019-10-03 | 7.6 HIGH | 7.5 HIGH |
| The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. | |||||
| CVE-2017-0021 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 7.7 HIGH | 9.0 CRITICAL |
| Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V System Data Structure Vulnerability." This vulnerability is different from that described in CVE-2017-0095. | |||||
| CVE-2017-0024 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | |||||
| CVE-2017-0025 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047. | |||||
| CVE-2017-0026 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | |||||
| CVE-2017-0029 | 1 Microsoft | 2 Office, Word | 2019-10-03 | 4.3 MEDIUM | 5.5 MEDIUM |
| Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | |||||
| CVE-2017-0039 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability." | |||||
| CVE-2017-0047 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025. | |||||
| CVE-2017-0050 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8 and 5 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | |||||
| CVE-2017-0051 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 2.9 LOW | 5.4 MEDIUM |
| Microsoft Windows 10 1607 and Windows Server 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Hyper-V Network Switch Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, CVE-2017-0098, and CVE-2017-0099. | |||||
| CVE-2017-0056 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, CVE-2017-0082. | |||||
| CVE-2017-0080 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-03 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0081, and CVE-2017-0082. | |||||
| CVE-2017-0064 | 1 Microsoft | 1 Internet Explorer | 2019-10-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| A security feature bypass vulnerability exists in Internet Explorer that allows for bypassing Mixed Content warnings, aka "Internet Explorer Security Feature Bypass Vulnerability." | |||||
| CVE-2017-0066 | 1 Microsoft | 1 Edge | 2019-10-03 | 4.0 MEDIUM | 4.2 MEDIUM |
| Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140. | |||||