Latest CVE Feed
-
5.3
MEDIUMCVE-2017-11887
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to ... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_server_2008 windows_server_2012 windows_server_2016 internet_explorer- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11901
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the c... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11909
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption V... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11886
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
5.3
MEDIUMCVE-2017-11906
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to obtain information to furt... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
8.5
HIGHCVE-2017-11885
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow a remote code execution vulnerability due to the ... Read more
Affected Products : windows_10 windows_7 windows_8.1 windows_rt_8.1 windows_server_2008 windows_server_2012 windows_server_2016- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11911
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption V... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.5
HIGHCVE-2017-11883
.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".... Read more
Affected Products : aspnetcore- Published: Nov. 15, 2017
- Modified: Apr. 20, 2025
-
5.4
MEDIUMCVE-2017-12158
It was found that Keycloak would accept a HOST header URL in the admin console and use it to determine web resource locations. An attacker could use this flaw against an authenticated user to attain reflected XSS via a malicious server.... Read more
- Published: Oct. 26, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11903
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as t... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-11927
Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allow an information vulnerability due to the way the W... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11889
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting En... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
9.3
HIGHCVE-2017-11937
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, 1709 and Windows Server 2016, Windows Server, version 1709, Microsoft Excha... Read more
- Published: Dec. 07, 2017
- Modified: Apr. 20, 2025
-
6.5
MEDIUMCVE-2017-12071
Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the url parameter.... Read more
Affected Products : photo_station- Published: Sep. 08, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11888
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory C... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11907
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as t... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
4.9
MEDIUMCVE-2017-12076
Uncontrolled Resource Consumption vulnerability in SYNO.Core.PortForwarding.Rules in Synology DiskStation (DSM) before 6.1.1-15088 allows remote authenticated attacker to exhaust the memory resources of the machine, causing a denial of service attack.... Read more
- Published: Aug. 28, 2017
- Modified: Apr. 20, 2025
-
8.1
HIGHCVE-2017-11932
Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 CU5 allow a spoofing vulnerability due to the way Outlook Web Access (OWA) validates web requests, aka "Microsoft Exchange Spoofing Vulnerability".... Read more
Affected Products : exchange_server- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025
-
6.1
MEDIUMCVE-2017-12068
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin.php in an el_admin_categories delete_bulk action.... Read more
Affected Products : event_list- Published: Aug. 01, 2017
- Modified: Apr. 20, 2025
-
7.6
HIGHCVE-2017-11930
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code... Read more
- Published: Dec. 12, 2017
- Modified: Apr. 20, 2025