CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7680 matches found

CNVD•added 2017/05/18 12:0 a.m.•0 views

Microsoft Chakra Core Remote Code Execution Vulnerability

Chakra is a JavaScript engine developed by Microsoft for its web browsers. A security vulnerability in the way the JavaScript engine is rendered when handling in-memory objects in Microsoft Chakra Core could be exploited by remote attackers to construct malicious web pages that could be parsed by...

9.8CVSS7.3AI score0.36015EPSS

Exploits0References1

Zero Day Initiative•added 2017/05/18 12:0 a.m.•38 views

(Pwn2Own) Apple Safari WebGLRenderingContextBase drawElements Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

4.3CVSS0.9AI score0.0042EPSS

Exploits0References1

OSV•added 2017/05/15 5:29 p.m.•1 views

CVE-2017-0223

A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0252...

9.8CVSS6.3AI score0.36015EPSS

Exploits0References2

Zero Day Initiative•added 2017/05/15 12:0 a.m.•37 views

Apple Safari RenderLayer Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS1.9AI score0.00877EPSS

Exploits0References1

OSV•added 2017/05/12 2:29 p.m.•1 views

CVE-2017-0242

An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka "Microsoft ActiveX Information Disclosure Vulnerability."...

5.5CVSS5.8AI score0.07627EPSS

Exploits0References2

CNVD•added 2017/05/12 12:0 a.m.•2 views

Microsoft Windows Kernel 'Win32k.sys' local elevation of privilege vulnerability (CNVD-2017-06619)

Microsoft Windows is the popular computer operating system. A local elevation of privilege vulnerability in the Windows Kernel's handling of memory objects exists in some versions of Windows, which when successfully exploited allows an attacker to run arbitrary code in kernel mode...

7.8CVSS7.3AI score0.20292EPSS

Exploits4References1

CNVD•added 2017/05/12 12:0 a.m.•1 views

Microsoft Edge Remote Code Execution Vulnerability

Microsoft Edge is the web browser built into the Windows 10 version. A remote code execution vulnerability exists in the scripting engine presentation when Microsoft Edge handles in-memory objects, where an attacker could execute arbitrary code in the current user context...

7.6CVSS7.9AI score0.36638EPSS

Exploits0References1

CNVD•added 2017/05/11 12:0 a.m.•3 views

Microsoft Windows Kernel Local Elevation of Privilege Vulnerability (CNVD-2017-06616)

Microsoft Windows is the popular computer operating system. A local elevation of privilege vulnerability in the Windows Kernel's handling of memory objects exists in some versions of Windows, which when successfully exploited, could allow an attacker to execute arbitrary code and denial of servic...

6.9CVSS7.7AI score0.01477EPSS

Exploits0References1

CNVD•added 2017/05/11 12:0 a.m.•1 views

Microsoft DirectX Graphics Kernel Local Elevation of Privilege Vulnerability

Microsoft Windows is the popular computer operating system. A local elevation of privilege vulnerability exists in the implementation of Microsoft Windows when memory objects are not handled correctly, which could allow a local attacker to take control of the affected system via a constructed...

7.8CVSS6.8AI score0.04643EPSS

Exploits0References1

CNVD•added 2017/05/11 12:0 a.m.•2 views

Microsoft Windows Kernel Local Information Disclosure Vulnerability (CNVD-2017-06610)

Microsoft Windows is the popular computer operating system. The Windows kernel does not properly handle memory objects and is implemented with a local information disclosure vulnerability that, when successfully exploited, allows an attacker to obtain sensitive information...

4.7CVSS5.8AI score0.02541EPSS

Exploits3References1

OpenVAS•added 2017/05/10 12:0 a.m.•56 views

Microsoft Windows 'Tcpip.sys' Information Disclosure Vulnerability (KB4018885)

This host is missing an important security update according to Microsoft KB4018885. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

4.7CVSS5.4AI score0.02541EPSS

Exploits3References3

Zero Day Initiative•added 2017/05/10 12:0 a.m.•73 views

(Pwn2Own) Microsoft Chakra Array Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

6.8CVSS2.3AI score0.38059EPSS

Exploits2References1

OpenVAS•added 2017/05/10 12:0 a.m.•19 views

Microsoft ActiveX 'Msadcf.dll' Information Disclosure Vulnerability (KB4018927)

This host is missing an important security update according to Microsoft KB4018927. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescripti...

5.5CVSS6.1AI score0.07627EPSS

Exploits0References3