Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 35900 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11877 1 Microsoft 3 Excel, Excel Viewer, Office Compatibility Pack 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".
CVE-2017-11874 1 Microsoft 4 Chakracore, Edge, Windows 10 and 1 more 2026-06-17 2.6 LOW 3.1 LOW
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.
CVE-2017-11872 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874.
CVE-2017-11847 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2026-06-17 9.3 HIGH 7.8 HIGH
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to run arbitrary code in kernel mode, install programs, view, change or delete data, and create new accounts with full user rights due to improperly handing objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
CVE-2017-11824 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2026-06-17 6.9 MEDIUM 7.0 HIGH
The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles objects in memory, aka "Windows Graphics Component Elevation of Privilege Vulnerability".
CVE-2017-11788 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows server, version 1709 allows an unauthenticated attacker to remotely send specially crafted messages that could cause a denial of service against the system due to improperly handing objects in memory, aka "Windows Search Denial of Service Vulnerability".
CVE-2017-11783 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2026-06-17 6.9 MEDIUM 7.0 HIGH
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability in the way it handles calls to Advanced Local Procedure Call (ALPC), aka "Windows Elevation of Privilege Vulnerability".
CVE-2017-11780 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2026-06-17 6.8 MEDIUM 7.0 HIGH
The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a remote code execution vulnerability when it fails to properly handle certain requests, aka "Windows SMB Remote Code Execution Vulnerability".
CVE-2017-11779 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2026-06-17 9.3 HIGH 8.1 HIGH
The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability when it fails to properly handle DNS responses, aka "Windows DNSAPI Remote Code Execution Vulnerability".
CVE-2017-11769 1 Microsoft 2 Windows 10, Windows Server 2016 2026-06-17 9.3 HIGH 7.8 HIGH
The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way it handles loading dll files, aka "TRIE Remote Code Execution Vulnerability".
CVE-2017-11684 1 Libav 1 Libav 2026-06-17 5.0 MEDIUM 7.5 HIGH
There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input.
CVE-2017-11633 1 - 1 Wireless Ip Camera 360 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Wireless IP Camera 360 devices. Remote attackers can discover RTSP credentials by connecting to TCP port 9527 and reading the InsertConnect field.
CVE-2017-11615 1 Factorio 1 Factorio 2026-06-17 6.8 MEDIUM 8.6 HIGH
A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 allows remote game servers or user-assisted attackers to execute arbitrary C code by including and loading a C library.
CVE-2017-11591 3 Canonical, Debian, Exiv2 3 Ubuntu Linux, Debian Linux, Exiv2 2026-06-17 5.0 MEDIUM 7.5 HIGH
There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input.
CVE-2017-11565 1 Debian 1 Tor 2026-06-17 5.0 MEDIUM 7.5 HIGH
debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorrectly (with a wrong assumption that the specific pathname would remain the same forever), which allows attackers to bypass intended AppArmor restrictions by leveraging the silent loss of this protection mechanism. NOTE: this does not affect systems, such as default Debian stretch installations, on which Tor startup relies on a systemd unit file (instead of this tor.init script).
CVE-2017-11480 1 Elasticsearch 1 Packetbeat 2026-06-17 5.0 MEDIUM 7.5 HIGH
Packetbeat versions prior to 5.6.4 are affected by a denial of service flaw in the PostgreSQL protocol handler. If Packetbeat is listening for PostgreSQL traffic and a user is able to send arbitrary network traffic to the monitored port, the attacker could prevent Packetbeat from properly logging other PostgreSQL traffic.
CVE-2017-11450 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2026-06-17 6.8 MEDIUM 8.8 HIGH
coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via JPEG data that is too short.
CVE-2017-11449 1 Imagemagick 1 Imagemagick 2026-06-17 6.8 MEDIUM 8.8 HIGH
coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable streams and thus cannot validate blob sizes, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via an image received from stdin.
CVE-2017-11424 2 Debian, Pyjwt Project 2 Debian Linux, Pyjwt 2026-06-17 5.0 MEDIUM 7.5 HIGH
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
CVE-2017-11401 1 Belden 2 Tofino Xenon Security Appliance, Tofino Xenon Security Appliance Firmware 2026-06-17 7.5 HIGH 9.8 CRITICAL
An issue has been discovered on the Belden Hirschmann Tofino Xenon Security Appliance before 03.2.00. Improper handling of the mbap.length field of ModBus packets in the ModBus DPI filter allows an attacker to send malformed/crafted packets to a protected asset, bypassing function code filtering.