CVEs from 2017
- Total: 11,662
- Critical: 1,647
- High: 5,041
- Medium: 4,168
- Low: 159
- % Critical: 14.1%
- % with KEV: 0.7%
- % with exploit: 9.8%
Top products
- imagemagick 1,426
- joomla! 932
- kanboard 848
- ntp 762
- tomcat 676
- mahara 572
- postgresql 492
- asterisk 435
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-9485 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leve… | |||
| CVE-2017-9484 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote att… | |||
| CVE-2017-9481 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/1… | |||
| CVE-2017-9478 | high | 7.5 | 7.5 | 9y ago | The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices sets the CM MAC a… | |||
| CVE-2017-11692 | high | 7.5 | 7.5 | 9y ago | The function "Token& Scanner::peek" in scanner.cpp in yaml-cpp 0.5.3 and earlier allows remote attackers to cause a denial of service (assertion failure and application exit) via a '!2' string. | |||
| CVE-2017-11746 | high | 7.5 | 7.5 | 9y ago | Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tens… | |||
| CVE-2017-11723 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in plugins/ImageManager/backend.php in Xinha 0.96, as used in Jojo 4.4.0, allows remote attackers to delete any folder via directory traversal sequences in the deld … | |||
| CVE-2017-11717 | high | 7.5 | 7.5 | 9y ago | MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 seconds, which makes it easier for remote attackers to bypass intended challenge requirements by modifying the client-server data stre… | |||
| CVE-2017-11706 | high | 7.5 | 7.5 | 9y ago | The Boozt Fashion application before 2.3.4 for Android allows remote attackers to read login credentials by sniffing the network and leveraging the lack of SSL. NOTE: the vendor response, before the … | |||
| CVE-2017-11665 | high | 7.5 | 7.5 | 9y ago | The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg 3.3.2 allows remote RTMP servers to cause a denial of service (Segmentation Violation and application crash) via a crafted strea… | |||
| CVE-2017-11684 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the build_table function in libavcodec/bitstream.c of Libav 12.1 that will lead to remote denial of service via crafted input. | |||
| CVE-2017-7659 | high | 7.5 | 7.5 | 9y ago | A maliciously constructed HTTP/2 request could cause mod_http2 in Apache HTTP Server 2.4.24, 2.4.25 to dereference a NULL pointer and crash the server process. | |||
| CVE-2017-11658 | high | 7.5 | 7.5 | 9y ago | In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion mitigation technique is to trim traversal characters (..) -- however, this is insufficient to stop remote attacks and can be bypa… | |||
| CVE-2017-11655 | high | 7.5 | 7.5 | 9y ago | A memory leak was found in the way SIPcrack 0.2 handled processing of SIP traffic, because a lines array was mismanaged. A remote attacker could potentially use this flaw to crash long-running sipdum… | |||
| CVE-2017-11630 | high | 7.5 | 7.5 | 9y ago | dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter in a type=database request, a… | |||
| CVE-2017-9233 | high | 7.5 | 7.5 | 9y ago | XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an … | |||
| CVE-2017-6751 | high | 7.5 | 7.5 | 9y ago | A vulnerability in the web proxy functionality of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to forward traffic from the web proxy interface of an affected… | |||
| CVE-2017-6750 | high | 7.5 | 7.5 | 9y ago | A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) could allow an unauthenticated, local attacker to log in to the device with the privileges of a limited user or an unauthenticate… | |||
| CVE-2017-6672 | high | 7.5 | 7.5 | 9y ago | A vulnerability in certain filtering mechanisms of access control lists (ACLs) for Cisco ASR 5000 Series Aggregation Services Routers through 21.x could allow an unauthenticated, remote attacker to b… | |||
| CVE-2017-11499 | high | 7.5 | 7.5 | 9y ago | Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through v6.11.0, v7.0 through v7.10.0, and v8.0 through v8.1.3 was susceptible to hash flooding remote DoS attacks as the HashTable seed was co… | |||
| CVE-2017-8035 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in the Cloud Controller API in Cloud Foundry Foundation CAPI-release versions after v1.6.0 and prior to v1.35.0 and cf-release versions after v244 and prior to v268. A careful… | |||
| CVE-2017-9553 | high | 7.5 | 7.5 | 9y ago | A design flaw in SYNO.API.Encryption in Synology DiskStation Manager (DSM) before 6.1.3-15152 allows remote attackers to bypass the encryption protection mechanism via the crafted version parameter. | |||
| CVE-2017-11326 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass the implemented restrictions on arbitrary file upload via a filename.+php manipulation. | |||
| CVE-2017-11325 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read via a file=../ attack on actionphp/download.File.php. | |||
| CVE-2017-11592 | high | 7.5 | 7.5 | 9y ago | There is a Mismatched Memory Management Routines vulnerability in the Exiv2::FileIo::seek function of Exiv2 0.26 that will lead to a remote denial of service attack (heap memory corruption) via craft… | |||
| CVE-2017-11591 | high | 7.5 | 7.5 | 9y ago | There is a Floating point exception in the Exiv2::ValueType function in Exiv2 0.26 that will lead to a remote denial of service attack via crafted input. | |||
| CVE-2017-11590 | high | 7.5 | 7.5 | 9y ago | There is a NULL pointer dereference in the caseless_hash function in gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11587 | high | 7.5 | 7.5 | 9y ago | On Cisco DDR2200 ADSL2+ Residential Gateway DDR2200B-NA-AnnexA-FCC-V00.00.03.45.4E and DDR2201v1 ADSL2+ Residential Gateway DDR2201v1-NA-AnnexA-FCC-V00.00.03.28.3 devices, there is directory traversa… | |||
| CVE-2017-11565 | high | 7.5 | 7.5 | 9y ago | debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was designed to execute aa-exec from the standard system pathname if the apparmor package is installed, but implements this incorre… | |||
| CVE-2017-11556 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption vulnerability in the Parser::advanceToNextToken function in parser.cpp in LibSass 3.4.5. A crafted input may lead to remote denial of service. | |||
| CVE-2017-11555 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the Eval::operator function in eval.cpp in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||
| CVE-2017-11554 | high | 7.5 | 7.5 | 9y ago | There is a stack consumption vulnerability in the lex function in parser.hpp (as used in sassc) in LibSass 3.4.5. A crafted input will lead to a remote denial of service. | |||
| CVE-2017-11553 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in the extend_alias_table function in localealias.c of Exiv2 0.26. A crafted input will lead to remote denial of service. | |||
| CVE-2017-11521 | high | 7.5 | 7.5 | 9y ago | The SdpContents::Session::Medium::parse function in resip/stack/SdpContents.cxx in reSIProcate 1.10.2 allows remote attackers to cause a denial of service (memory consumption) by triggering many medi… | |||
| CVE-2017-7523 | high | 7.5 | 7.5 | 9y ago | Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hi… | |||
| CVE-2017-1267 | high | 7.5 | 7.5 | 9y ago | IBM Security Guardium 10.0 and 10.1 processes patches, image backups and other updates without sufficiently verifying the origin and integrity of the code. IBM X-Force ID: 124742. | |||
| CVE-2017-11468 | high | 7.5 | 7.5 | 9y ago | Uncontrolled resource allocation in github.com/docker/distribution | |||
| CVE-2017-11500 | high | 7.5 | 7.5 | 9y ago | A directory traversal vulnerability exists in MetInfo 5.3.17. A remote attacker can use ..\ to delete any .zip file via the filenames parameter to /admin/system/database/filedown.php. | |||
| CVE-2017-7063 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. watchOS before 3.2.3 is affected. The issue involves the "Messages" component. It allows remote attackers to cause a … | |||
| CVE-2017-7007 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. The issue involves the "EventKitUI" component. It allows remote attackers to cause a denial of service (resource cons… | |||
| CVE-2017-1224 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Endpoint Manager uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 123903. | |||
| CVE-2017-9245 | high | 7.5 | 7.5 | 9y ago | The Google News and Weather application before 3.3.1 for Android allows remote attackers to read OAuth tokens by sniffing the network and leveraging the lack of SSL. | |||
| CVE-2017-11411 | high | 7.5 | 7.5 | 9y ago | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY dissector could crash or exhaust system memory. This was addressed in epan/dissectors/packet-opensafety.c by adding length validati… | |||
| CVE-2017-11410 | high | 7.5 | 7.5 | 9y ago | In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML dissector could go into an infinite loop, triggered by packet injection or a malformed capture file. This was addressed in epan/dissecto… | |||
| CVE-2017-11409 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type. | |||
| CVE-2017-11408 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector could crash. This was addressed in epan/dissectors/packet-amqp.c by checking for successful list dissection. | |||
| CVE-2017-11407 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could crash. This was addressed in epan/dissectors/packet-mq.c by validating the fragment length before a reassembly attempt. | |||
| CVE-2017-11406 | high | 7.5 | 7.5 | 9y ago | In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector could go into an infinite loop. This was addressed in plugins/docsis/packet-docsis.c by rejecting invalid Frame Control parameter… | |||
| CVE-2017-9933 | high | 7.5 | 7.5 | 9y ago | Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads to disclosure of form contents. | |||
| CVE-2017-10987 | high | 7.5 | 7.5 | 9y ago | An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Buffer over-read in fr_dhcp_decode_suboptions()" and a denial of service. | |||
| CVE-2017-10986 | high | 7.5 | 7.5 | 9y ago | An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows "DHCP - Infinite read in dhcp_attr2vp()" and a denial of service. | |||
| CVE-2017-10985 | high | 7.5 | 7.5 | 9y ago | An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows "Infinite loop and memory exhaustion with 'concat' attributes" and a denial of service. | |||
| CVE-2017-10983 | high | 7.5 | 7.5 | 9y ago | An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "DHCP - Read overflow when decoding option 63" and a denial of service. | |||
| CVE-2017-10982 | high | 7.5 | 7.5 | 9y ago | An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Buffer over-read in fr_dhcp_decode_options()" and a denial of service. | |||
| CVE-2017-10981 | high | 7.5 | 7.5 | 9y ago | An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in fr_dhcp_decode()" and a denial of service. | |||
| CVE-2017-10980 | high | 7.5 | 7.5 | 9y ago | An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows "DHCP - Memory leak in decode_tlv()" and a denial of service. | |||
| CVE-2017-10978 | high | 7.5 | 7.5 | 9y ago | An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before 3.0.15 allows "Read / write overflow in make_secret()" and a denial of service. | |||
| CVE-2017-11367 | high | 7.5 | 7.5 | 9y ago | The shoco_decompress function in the API in shoco through 2017-07-17 allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data. | |||
| CVE-2017-9951 | high | 7.5 | 7.5 | 9y ago | The try_read_command function in memcached.c in memcached before 1.4.39 allows remote attackers to cause a denial of service (segmentation fault) via a request to add/set a key, which makes a compari… | |||
| CVE-2017-9814 | high | 7.5 | 7.5 | 9y ago | cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) because of mishandling of an unexpected malloc(0) call. | |||
| CVE-2017-7688 | high | 7.5 | 7.5 | 9y ago | Apache OpenMeetings updates user password in insecure manner | |||
| CVE-2017-7684 | high | 7.5 | 7.5 | 9y ago | Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption | |||
| CVE-2017-7683 | high | 7.5 | 7.5 | 9y ago | Apache OpenMeetings displays Tomcat version and detailed error stack trace | |||
| CVE-2017-7680 | high | 7.5 | 7.5 | 9y ago | Apache OpenMeetings allows flash content to be loaded from untrusted domains | |||
| CVE-2017-3101 | high | 7.5 | 7.5 | 9y ago | Adobe Connect versions 9.6.1 and earlier have a clickjacking vulnerability. Successful exploitation could lead to a clickjacking attack. | |||
| CVE-2017-2348 | high | 7.5 | 7.5 | 9y ago | The Juniper Enhanced jdhcpd daemon may experience high CPU utilization, or crash and restart upon receipt of an invalid IPv6 UDP packet. Both high CPU utilization and repeated crashes of the jdhcpd d… | |||
| CVE-2017-2347 | high | 7.5 | 7.5 | 9y ago | A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon … | |||
| CVE-2017-2314 | high | 7.5 | 7.5 | 9y ago | Receipt of a malformed BGP OPEN message may cause the routing protocol daemon (rpd) process to crash and restart. By continuously sending specially crafted BGP OPEN messages, an attacker can repeated… | |||
| CVE-2017-1183 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to modify SQL commands to the Portal Server, when default client-server communications, HTTP, are being used. IBM X-For… | |||
| CVE-2017-1182 | high | 7.5 | 7.5 | 9y ago | IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) attacker to execute arbitrary commands on the system, when default client-server default communications, HTTP, are being used. I… | |||
| CVE-2017-11343 | high | 7.5 | 7.5 | 9y ago | Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, … | |||
| CVE-2017-11342 | high | 7.5 | 7.5 | 9y ago | There is an illegal address access in ast.cpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-11341 | high | 7.5 | 7.5 | 9y ago | There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A crafted input will lead to a remote denial of service attack. | |||
| CVE-2017-10605 | high | 7.5 | 7.5 | 9y ago | On all vSRX and SRX Series devices, when the DHCP or DHCP relay is configured, specially crafted packet might cause the flowd process to crash, halting or interrupting traffic from flowing through th… | |||
| CVE-2017-1000080 | high | 7.5 | 7.5 | 9y ago | Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. | |||
| CVE-2017-1000079 | high | 7.5 | 7.5 | 9y ago | Linux foundation ONOS 1.9.0 is vulnerable to a DoS. | |||
| CVE-2017-1000068 | high | 7.5 | 7.5 | 9y ago | TestTrack Server versions 1.0 and earlier are vulnerable to an authentication flaw in the split disablement feature resulting in the ability to disable arbitrary running splits and cause denial of se… | |||
| CVE-2017-1000066 | high | 7.5 | 7.5 | 9y ago | The entry details view function in KeePass version 1.32 inadvertently decrypts certain database entries into memory, which may result in the disclosure of sensitive information. | |||
| CVE-2017-1000064 | high | 7.5 | 7.5 | 9y ago | kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion in the router resulting in DoS | |||
| CVE-2017-1000062 | high | 7.5 | 7.5 | 9y ago | kittoframework kitto 0.5.1 is vulnerable to directory traversal in the router resulting in remote code execution | |||
| CVE-2017-1000050 | high | 7.5 | 7.5 | 9y ago | JasPer 2.0.12 is vulnerable to a NULL pointer exception in the function jp2_encode which failed to check to see if the image contained at least one component resulting in a denial-of-service. | |||
| CVE-2017-1000048 | high | 7.5 | 7.5 | 9y ago | Prototype Pollution Protection Bypass in qs | |||
| CVE-2017-1000046 | high | 7.5 | 7.5 | 9y ago | Sensitive Cookie Without HttpOnly and Secure Flag | |||
| CVE-2017-1000029 | high | 7.5 | 7.5 | 9y ago | Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is vulnerable to Local File Inclusion vulnerability, that makes it possible to include arbitrary files on the server, this vulnerability … | |||
| CVE-2017-1000025 | high | 7.5 | 7.5 | 9y ago | GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 before 3.20.7, 3.18 before 3.18.11, and prior versions, is vulnerable to a password manager sweep attack resulting in the remote exfi… | |||
| CVE-2017-1000024 | high | 7.5 | 7.5 | 9y ago | Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable to an information disclosure in the web publishing plugins resulting in potential password and oauth token plaintext transmission | |||
| CVE-2017-1000018 | high | 7.5 | 7.5 | 9y ago | phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the replication status by using a specially crafted table name | |||
| CVE-2017-1000016 | high | 7.5 | 7.5 | 9y ago | A weakness was discovered where an attacker can inject arbitrary values in to the browser cookies. This is a re-issue of an incomplete fix from PMASA-2016-18. | |||
| CVE-2017-1000014 | high | 7.5 | 7.5 | 9y ago | phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table editing functionality | |||
| CVE-2017-1000001 | high | 7.5 | 7.5 | 9y ago | FedMsg 0.18.1 and older is vulnerable to a message validation flaw resulting in message validation not being enabled if configured to be on. | |||
| CVE-2017-9789 | high | 7.5 | 7.5 | 9y ago | When under stress, closing many connections, the HTTP/2 handling code in Apache httpd 2.4.26 would sometimes access memory after it has been freed, resulting in potentially erratic behaviour. | |||
| CVE-2017-9787 | high | 7.5 | 7.5 | 9y ago | Spring AOP functionality (Struts) vulnerable to DoS attack | |||
| CVE-2017-7529 | high | 7.5 | 7.5 | 9y ago | Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable to integer overflow vulnerability in nginx range filter module resulting into leak of potentially sensitive information triggered … | |||
| CVE-2017-9977 | high | 7.5 | 7.5 | 9y ago | AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. | |||
| CVE-2017-9845 | high | 7.5 | 7.5 | 9y ago | disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote attackers to cause a denial of service (resource consumption) via a crafted DIAG request, aka SAP Security Note 2405918. | |||
| CVE-2017-4055 | high | 7.5 | 7.5 | 9y ago | Exploitation of Authentication vulnerability in the web interface in McAfee Advanced Threat Defense (ATD) 3.10, 3.8, 3.6, 3.4 allows remote unauthenticated users / remote attackers to bypass ATD dete… | |||
| CVE-2017-11188 | high | 7.5 | 7.5 | 9y ago | The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a large loop vulnerability that can cause CPU exhaustion via a crafted DPX file, related to lack of an EOF check. | |||
| CVE-2017-11178 | high | 7.5 | 7.5 | 9y ago | In FineCMS through 2017-07-11, application/core/controller/style.php allows remote attackers to write to arbitrary files via the contents and filename parameters in a route=style action. For example,… | |||
| CVE-2017-8619 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling obje… | |||
| CVE-2017-8617 | high | 7.5 | 7.5 | 9y ago | Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code execution vulnerability in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Ed… |