Filtered by vendor Microsoft
Subscribe
Total
17397 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8656 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-08-19 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | |||||
| CVE-2017-8657 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-08-19 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. | |||||
| CVE-2017-8644 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2017-08-18 | 4.3 MEDIUM | 4.3 MEDIUM |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662. | |||||
| CVE-2010-4423 | 2 Microsoft, Oracle | 2 Windows, Database Server | 2017-08-16 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in the Cluster Verify Utility component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-4669 | 1 Microsoft | 5 Windows 2003 Server, Windows 7, Windows Server 2008 and 2 more | 2017-08-16 | 7.8 HIGH | N/A |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package. | |||||
| CVE-2010-4773 | 4 Hitachi, Ibm, Linux and 1 more | 6 Eur Form Client, Eur Form Service, Ucosminexus Eur Form Service and 3 more | 2017-08-16 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D 2010.11.15 and 05-10-CA (* 2) 2010.11.15; Hitachi EUR Form Service before 05-10 -/D 2010.11.15; and uCosminexus EUR Form Service before 07-60 -/D 2010.11.15 on Windows, before 05-10 -/D 2010.11.15 and 07-50 -/D 2010.11.15 on Linux, and before 07-50 -/C 2010.11.15 on AIX; allows remote attackers to execute arbitrary code via unknown attack vectors. | |||||
| CVE-2011-0037 | 1 Microsoft | 7 Forefront Client Security, Forefront Endpoint Protection 2010, Malicious Software Removal Tool and 4 more | 2017-08-16 | 7.2 HIGH | N/A |
| Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key. | |||||
| CVE-2011-0290 | 3 Lotus, Microsoft, Rim | 3 Domino, Exchange Server, Blackberry Enterprise Server | 2017-08-16 | 6.5 MEDIUM | N/A |
| The BlackBerry Collaboration Service in Research In Motion (RIM) BlackBerry Enterprise Server (BES) 5.0.3 through MR4 for Microsoft Exchange and Lotus Domino allows remote authenticated users to log into arbitrary user accounts associated with the same organization, and send messages, read messages, read contact lists, or cause a denial of service (login unavailability), via unspecified vectors. | |||||
| CVE-2011-0890 | 2 Hp, Microsoft | 2 Discovery\&dependency Mapping Inventory, Windows | 2017-08-16 | 5.0 MEDIUM | N/A |
| HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community. | |||||
| CVE-2010-0718 | 1 Microsoft | 1 Windows Media Player | 2017-08-16 | 4.3 MEDIUM | N/A |
| Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted .mpg file. | |||||
| CVE-2010-0719 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2017-08-16 | 4.7 MEDIUM | N/A |
| An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application. | |||||
| CVE-2010-1042 | 1 Microsoft | 1 Windows Media Player | 2017-08-16 | 4.3 MEDIUM | N/A |
| Microsoft Windows Media Player 11 does not properly perform colorspace conversion, which allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .AVI file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-1098 | 1 Microsoft | 2 Windows Vista, Windows Xp | 2017-08-16 | 7.1 HIGH | N/A |
| The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file. | |||||
| CVE-2010-1184 | 1 Microsoft | 1 27mhz Wireless Keyboard | 2017-08-16 | 7.6 HIGH | N/A |
| The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2. | |||||
| CVE-2010-1349 | 2 Microsoft, Opera | 2 Windows, Opera Browser | 2017-08-16 | 10.0 HIGH | N/A |
| Integer overflow in Opera 10.10 through 10.50 allows remote attackers to execute arbitrary code via a large Content-Length value, which triggers a heap overflow. | |||||
| CVE-2010-1458 | 2 Microsoft, Tweakfs | 2 Flight Simulator X, Tweakfs Zip Utility | 2017-08-16 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in Create and Extract Zips TweakFS Zip Utility 1.0 for Flight Simulator X (FSX) allows remote attackers to execute arbitrary code via a long filename in a ZIP archive. | |||||
| CVE-2010-1558 | 2 Hp, Microsoft | 2 Multifunction Peripheral Digital Sending Software, Windows | 2017-08-16 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital Sending Software before 4.18.3 allows local users to bypass intended restrictions on the MFP "Send to e-mail" feature, and obtain sensitive information, via unknown vectors. | |||||
| CVE-2010-1940 | 2 Apple, Microsoft | 2 Safari, Windows | 2017-08-16 | 4.3 MEDIUM | N/A |
| Apple Safari 4.0.5 on Windows sends the "Authorization: Basic" header appropriate for one web site to a different web site named in a Location header received from the first site, which allows remote web servers to obtain sensitive information by logging HTTP requests. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2010-2090 | 2 Ibm, Microsoft | 3 Aix, Communications Server, Windows | 2017-08-16 | 5.0 MEDIUM | N/A |
| The npb_protocol_error function in sna V5router64 in IBM Communications Server for Windows 6.1.3 and Communications Server for AIX (aka CSAIX or CS/AIX) in sna.rte before 6.3.1.2 allows remote attackers to cause a denial of service (daemon crash) via APPC data containing a GDSID variable with a GDS length that is too small. | |||||
| CVE-2010-2428 | 2 Microsoft, Wftpserver | 2 Windows, Wing Ftp Server | 2017-08-16 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin_loginok.html in the Administrator web interface in Wing FTP Server for Windows 3.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted POST request. | |||||