| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A remote code execution vulnerability exists in Microsoft PowerPoint when the software fails to properly handle objects in memory, aka "Microsoft PowerPoint Remote Code Execution Vulnerability". |
| ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. |
| Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". |
| ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. |
| A buffer overflow vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an authenticated malicious user to cause a buffer overflow leading to a denial of service. |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to transformation of blocks of pixels. Successful exploitation could lead to arbitrary code execution. |
| The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in libasn1fix.a in asn1c 0.9.28 allows remote attackers to cause a denial of service (segmentation fault) via a crafted .asn1 file. |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager (AGM) module. Successful exploitation could lead to arbitrary code execution. |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. |
| In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header. |
| XnView Classic for Windows Version 2.40 allows user-assisted remote attackers to execute code via a crafted .mov file that is mishandled during the opening of a directory in "Browser" mode, because of a "User Mode Write AV near NULL" in XnView.exe. |
| Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft browsers handle objects in memory, aka "Windows Shell Remote Code Execution Vulnerability". |
| Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors. |
| The fill_buffer_resample function in util.c in libmp3lame.a in LAME 3.98.4, 3.98.2, 3.98, 3.99, 3.99.1, 3.99.2, 3.99.3, 3.99.4 and 3.99.5 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted audio file. |
| IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpResCompareResourceNames+0x0000000000000087." |
| Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. |
| Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability". |
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. |
| Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. |
| ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". |
