Vulnerabilities (CVE)

Filtered by vendor Microsoft Subscribe
Total 21092 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-11269 3 Adobe, Apple, Microsoft 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) image stream data. Successful exploitation could lead to arbitrary code execution.
CVE-2016-5725 2 Jcraft, Microsoft 2 Jsch, Windows 2025-04-20 4.3 MEDIUM 5.9 MEDIUM
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
CVE-2017-8591 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2025-04-20 7.2 HIGH 7.8 HIGH
Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability".
CVE-2017-8537 1 Microsoft 13 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 10 more 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
CVE-2017-2218 2 Apple, Microsoft 2 Quicktime, Windows 2025-04-20 6.8 MEDIUM 7.8 HIGH
Untrusted search path vulnerability in Installer of QuickTime for Windows allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2017-2996 5 Adobe, Apple, Google and 2 more 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more 2025-04-20 9.3 HIGH 8.8 HIGH
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in Primetime SDK. Successful exploitation could lead to arbitrary code execution.
CVE-2017-8561 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 6.9 MEDIUM 7.0 HIGH
Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability due to the way it handles objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability".
CVE-2017-7061 2 Apple, Microsoft 7 Icloud, Iphone Os, Itunes and 4 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-1297 3 Ibm, Linux, Microsoft 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more 2025-04-20 4.4 MEDIUM 7.3 HIGH
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
CVE-2017-0028 1 Microsoft 1 Edge 2025-04-20 10.0 HIGH 9.8 CRITICAL
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2017-8750 1 Microsoft 9 Edge, Internet Explorer, Windows 10 and 6 more 2025-04-20 7.6 HIGH 7.5 HIGH
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability".
CVE-2017-11905 1 Microsoft 4 Chakracore, Edge, Windows 10 and 1 more 2025-04-20 7.6 HIGH 7.5 HIGH
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
CVE-2017-5078 5 Apple, Google, Linux and 2 more 7 Macos, Chrome, Linux Kernel and 4 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
CVE-2017-8496 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 7.6 HIGH 7.5 HIGH
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
CVE-2017-8485 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 1.9 LOW 5.0 MEDIUM
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297.
CVE-2017-0009 1 Microsoft 1 Internet Explorer 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVE-2017-6252 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 7.2 HIGH 7.8 HIGH
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a NULL pointer dereference may lead to a denial of service or potential escalation of privileges.
CVE-2017-8739 1 Microsoft 2 Edge, Windows 10 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
CVE-2017-7095 2 Apple, Microsoft 6 Icloud, Iphone Os, Itunes and 3 more 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 11 is affected. Safari before 11 is affected. iCloud before 7.0 on Windows is affected. iTunes before 12.7 on Windows is affected. tvOS before 11 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2017-5109 6 Apple, Debian, Google and 3 more 8 Macos, Debian Linux, Chrome and 5 more 2025-04-20 4.3 MEDIUM 4.3 MEDIUM
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.