The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2017-0254 | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka Microsoft Office Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265. | HIGH | May 12, 2017 |
| CVE-2017-0252 | A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka Scripting Engine Memory Corruption Vulnerability. This vulnerability is unique from CVE-2017-0223. | HIGH | May 15, 2017 |
| CVE-2017-0250 | Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows a remote code execution vulnerability due to buffer overflow, aka Microsoft JET Database Engine Remote Code Execution Vulnerability. | HIGH | Aug 9, 2017 |
| CVE-2017-0249 | An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests. | HIGH | May 12, 2017 |
| CVE-2017-0248 | Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to bypass Enhanced Security Usage taggings when they present a certificate that is invalid for a specific use, aka .NET Security Feature Bypass Vulnerability. | MEDIUM | May 12, 2017 |
| CVE-2017-0247 | A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. | MEDIUM | May 12, 2017 |
| CVE-2017-0246 | The Graphics Component in the kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application or in Windows 7 for x64-based Systems and later, cause denial of service, aka Win32k Elevation of Privilege Vulnerability. | MEDIUM | May 12, 2017 |
| CVE-2017-0245 | The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka Win32k Information Disclosure Vulnerability. | LOW | May 12, 2017 |
| CVE-2017-0244 | The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows locally authenticated attackers to gain privileges via a crafted application, or in Windows 7 for x64-based systems, cause denial of service, aka Windows Kernel Elevation of Privilege Vulnerability. | MEDIUM | May 12, 2017 |
| CVE-2017-0243 | Microsoft Office allows a remote code execution vulnerability due to the way that it handles objects in memory, aka Microsoft Office Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2017-8570. | HIGH | Jul 11, 2017 |
| CVE-2017-0242 | An information disclosure vulnerability exists in the way some ActiveX objects are instantiated, aka Microsoft ActiveX Information Disclosure Vulnerability. | MEDIUM | May 12, 2017 |
| CVE-2017-0241 | An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka Microsoft Edge Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-0233. | MEDIUM | May 12, 2017 |
| CVE-2017-0240 | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka Microsoft Edge Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227. | HIGH | May 12, 2017 |
| CVE-2017-0238 | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236. | HIGH | May 12, 2017 |
| CVE-2017-0236 | A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0235 | A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0234 | A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0233 | An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka Microsoft Edge Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-0241. | MEDIUM | May 12, 2017 |
| CVE-2017-0231 | A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka Microsoft Browser Spoofing Vulnerability. | MEDIUM | May 12, 2017 |
| CVE-2017-0230 | A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0229 | A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0228 | A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0227 | A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka Microsoft Edge Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240. | HIGH | May 12, 2017 |
| CVE-2017-0226 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka Internet Explorer Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0222. | HIGH | May 12, 2017 |
| CVE-2017-0224 | A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238. | HIGH | May 12, 2017 |
| CVE-2017-0223 | A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka Scripting Engine Memory Corruption Vulnerability. This vulnerability is unique from CVE-2017-0252. | HIGH | May 15, 2017 |
| CVE-2017-0222 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka Internet Explorer Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0226. | HIGH | May 12, 2017 |
| CVE-2017-0221 | A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka Microsoft Edge Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240. | HIGH | May 12, 2017 |
| CVE-2017-0220 | The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka Windows Kernel Information Disclosure Vulnerability, a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259. | LOW | May 12, 2017 |
| CVE-2017-0219 | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka Device Guard Code Integrity Policy Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0218. | Medium | Jun 21, 2017 |
| CVE-2017-0218 | Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka Device Guard Code Integrity Policy Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0216, and CVE-2017-0219. | Medium | Jun 21, 2017 |
| CVE-2017-0216 | Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka Device Guard Code Integrity Policy Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2017-0173, CVE-2017-0215, CVE-2017-0218, and CVE-2017-0219. | Medium | Jun 21, 2017 |
| CVE-2017-0215 | Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to exploit a security feature bypass vulnerability in Device Guard that could allow the attacker to inject malicious code into a Windows PowerShell session, aka Device Guard Code Integrity Policy Security Feature Bypass Vulnerability. This CVE ID is unique from CVE-2017-0173, CVE-2017-0216, CVE-2017-0218, and CVE-2017-0219. | Medium | Jun 21, 2017 |
| CVE-2017-0214 | Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka Windows COM Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-0213. | MEDIUM | May 12, 2017 |
| CVE-2017-0213 | Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when an attacker runs a specially crafted application, aka Windows COM Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2017-0214. | LOW | May 12, 2017 |
| CVE-2017-0212 | Windows Hyper-V allows an elevation of privilege vulnerability when Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 fail to properly validate vSMB packet data, aka Windows Hyper-V vSMB Elevation of Privilege Vulnerability. | MEDIUM | May 12, 2017 |
| CVE-2017-0211 | An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 versions of Microsoft Windows OLE when it fails an integrity-level check, aka Windows OLE Elevation of Privilege Vulnerability. | MEDIUM | Apr 20, 2017 |
| CVE-2017-0210 | An elevation of privilege vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain, aka Internet Explorer Elevation of Privilege Vulnerability. | MEDIUM | Apr 20, 2017 |
| CVE-2017-0208 | An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. Scripting Engine Information Disclosure Vulnerability. | MEDIUM | Apr 20, 2017 |
| CVE-2017-0207 | Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka Microsoft Browser Spoofing Vulnerability. | MEDIUM | Apr 20, 2017 |
| CVE-2017-0205 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka Microsoft Edge Memory Corruption Vulnerability. | HIGH | Apr 20, 2017 |
| CVE-2017-0204 | Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft Outlook 2013 SP1, and Microsoft Outlook 2016 allow remote attackers to bypass the Office Protected View via a specially crafted document, aka Microsoft Office Security Feature Bypass Vulnerability. | MEDIUM | Apr 20, 2017 |
| CVE-2017-0203 | A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka Microsoft Edge Security Feature Bypass Vulnerability. | MEDIUM | Apr 20, 2017 |
| CVE-2017-0202 | A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, a.k.a. Internet Explorer Memory Corruption Vulnerability. | HIGH | Apr 20, 2017 |
| CVE-2017-0201 | A remote code execution vulnerability exists in Internet Explorer in the way that the JScript and VBScript engines render when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka Scripting Engine Memory Corruption Vulnerability. This CVE ID is unique from CVE-2017-0093. | HIGH | Apr 20, 2017 |
| CVE-2017-0200 | A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka Microsoft Edge Memory Corruption Vulnerability. | HIGH | Apr 20, 2017 |
| CVE-2017-0199 | Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote attackers to execute arbitrary code via a crafted document, aka Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API. | HIGH | Apr 20, 2017 |
| CVE-2017-0197 | Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka Microsoft Office DLL Loading Vulnerability. | HIGH | Apr 20, 2017 |
| CVE-2017-0196 | An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka Microsoft Browser Information Disclosure Vulnerability. | Medium | Jul 21, 2017 |
| CVE-2017-0195 | Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka Microsoft Office XSS Elevation of Privilege Vulnerability. | LOW | Apr 20, 2017 |
