Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8624 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows CLFS Elevation of Privilege Vulnerability". | |||||
| CVE-2017-8628 | 1 Microsoft | 5 Windows 10, Windows 7, Windows 8.1 and 2 more | 2019-10-02 | 4.3 MEDIUM | 6.8 MEDIUM |
| Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability". | |||||
| CVE-2017-8637 | 1 Microsoft | 2 Edge, Windows 10 | 2019-10-02 | 2.6 LOW | 5.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8673 | 1 Microsoft | 1 Windows 10 | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 10 1703 allows an attacker to connect to a target system using RDP and send specially crafted requests, aka "Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability." | |||||
| CVE-2017-8689 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-02 | 6.9 MEDIUM | 7.0 HIGH |
| The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694. | |||||
| CVE-2017-8694 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-02 | 6.9 MEDIUM | 7.0 HIGH |
| The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8689. | |||||
| CVE-2017-8700 | 1 Microsoft | 1 Asp.net Core | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". | |||||
| CVE-2017-8702 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-02 | 4.4 MEDIUM | 7.0 HIGH |
| Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability". | |||||
| CVE-2017-8720 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2019-10-02 | 7.2 HIGH | 7.8 HIGH |
| The Microsoft Windows graphics component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8675. | |||||
| CVE-2017-8715 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-02 | 4.6 MEDIUM | 5.3 MEDIUM |
| The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Windows Security Feature Bypass". | |||||
| CVE-2017-8716 | 1 Microsoft | 1 Windows 10 | 2019-10-02 | 4.6 MEDIUM | 5.3 MEDIUM |
| Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows an attacker to run a specially crafted application to bypass Control Flow Guard, due to the way that Control Flow Guard handles objects in memory, aka "Windows Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8724 | 1 Microsoft | 2 Edge, Windows 10 | 2019-10-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8735. | |||||
| CVE-2017-8733 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2019-10-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into believing that the user was visiting a legitimate website, due to the way that Internet Explorer handles specific HTML content, aka "Internet Explorer Spoofing Vulnerability". | |||||
| CVE-2017-8735 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2019-10-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from CVE-2017-8724. | |||||
| CVE-2017-8746 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2019-10-02 | 4.6 MEDIUM | 5.3 MEDIUM |
| Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 allows A security feature bypass vulnerability due to how PowerShell exposes functions and processes user supplied code, aka "Device Guard Security Feature Bypass Vulnerability". | |||||
| CVE-2017-8812 | 2 Debian, Mediawiki | 2 Debian Linux, Mediawiki | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 allows remote attackers to inject > (greater than) characters via the id attribute of a headline. | |||||
| CVE-2017-8819 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, the replay-cache protection mechanism is ineffective for v2 onion services, aka TROVE-2017-009. An attacker can send many INTRODUCE2 cells to trigger this issue. | |||||
| CVE-2017-8855 | 1 Wolfssl | 1 Wolfssl | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a malformed DH key. | |||||
| CVE-2017-8859 | 1 Veritas | 1 Netbackup Appliance | 2019-10-02 | 10.0 HIGH | 9.8 CRITICAL |
| In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users can execute arbitrary commands as root. | |||||
| CVE-2017-8867 | 1 Cognitoys | 2 Stemosaur, Stemosaur Firmware | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Elemental Path's CogniToys Dino smart toys through firmware version 0.0.794 use AES-128 with ECB mode to encrypt voice traffic between the device and remote server, allowing a malicious user to map encrypted traffic to a particular AES key index and gaining further access to eavesdrop on privacy-sensitive voice communication of a child and their Dino device. | |||||