CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Slackware Linux•added 2017/10/24 5:55 a.m.•43 views

[slackware-security] curl

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/curl-7.56.1-i586-1slack14.2.txz: Upgraded. This update fixes a security issue: IMAP FETCH response out of bounds read may...

9.1CVSS8.9AI score0.06224EPSS

Exploits0

Tenable Nessus•added 2017/10/24 12:0 a.m.•12 views

Slackware 14.0 / 14.1 / 14.2 / current : curl (SSA:2017-297-01)

New curl packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2017-297-01. The text itself is copyrig...

9.1CVSS7.3AI score0.06224EPSS

Exploits0References2

Mageia•added 2017/10/19 10:5 p.m.•35 views

Updated db48 and db53 packages fix security vulnerability

It was found that Berkeley DB reads the DBCONFIG configuration file from the current working directory by default. This happens when calling dbcreate with dbenv=NULL; or using the dbmopen function CVE-2017-10140...

7.8CVSS1.7AI score0.00567EPSS

Exploits1References3

BDU FSTEC•added 2017/10/17 12:0 a.m.•4 views

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

The vulnerability of Microsoft Edge browser on Microsoft Windows operating systems is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, using specially crafted content that cause...

7.6CVSS7.7AI score0.08891EPSS

7.6CVSS7.7AI score0.08716EPSS

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

7.6CVSS7.9AI score0.10801EPSS

The vulnerability of the Internet Explorer browser, related to incorrect handling of objects in memory, allows attackers to execute arbitrary code.

The vulnerability of the Internet Explorer browser is related to incorrect handling of objects in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code in the context of the current user...

Exploits0References4Affected Software1

7.6CVSS7.7AI score0.08716EPSS

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

7.6CVSS7.8AI score0.52537EPSS

Microsoft Edge browser’s vulnerability, related to improper handling of objects in memory, allows a hacker to execute arbitrary code.

Exploits3References6

OSV•added 2017/10/13 1:29 p.m.•1 views

CVE-2017-11804

ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

7.5CVSS6.1AI score0.08761EPSS

Exploits0References3

Prion•added 2017/10/13 1:29 p.m.•17 views

Memory corruption

Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Windows Text Services...

7.6CVSS7.8AI score0.0827EPSS

Exploits0References3Affected Software3

ATTACKERKB•added 2017/10/13 1:29 p.m.•5 views

CVE-2017-11810

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the...

9.3CVSS6AI score0.69163EPSS

Exploits20References5

CNVD•added 2017/10/11 12:0 a.m.•2 views

Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CNVD-2017-30325)

Edge is Microsoft's browser for Windows 10, characterized as fast and secure. A memory corruption vulnerability exists in the way the Microsoft Edge scripting engine handles objects in memory, which can be exploited by an attacker to execute arbitrary code in the context of the current user or to...

7.6CVSS7.8AI score0.08761EPSS

CNVD•added 2017/10/11 12:0 a.m.•2 views

Microsoft Office Remote Code Execution Vulnerability (CNVD-2017-30582)

Microsoft Office is a suite of office software based on the Windows operating system developed by Microsoft. A remote code execution vulnerability exists in the implementation of Microsoft Office when it does not properly handle memory objects, which could allow an attacker to run arbitrary code ...

9.3CVSS7.9AI score0.2207EPSS

CNVD•added 2017/10/11 12:0 a.m.•1 views

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability (CNVD-2017-30543)

Microsoft Edge is the web browser built into the Windows 10 version. Microsoft Edge suffers from a remote memory corruption vulnerability in the scripting engine's handling of in-memory objects, which can be exploited by an attacker to corrupt memory by executing arbitrary code in the current use...

9.3CVSS7.5AI score0.4726EPSS

Zero Day Initiative•added 2017/10/10 12:0 a.m.•29 views

Microsoft Windows XLS File Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the Microsoft...

6.8CVSS8.8AI score0.23119EPSS