Vulnerabilities > Microsoft > High

DATE CVE VULNERABILITY TITLE RISK
2017-10-13 CVE-2017-11797 Information Exposure vulnerability in Microsoft Chakracore
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
network
high complexity
microsoft CWE-200
7.6
2017-10-13 CVE-2017-11796 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge
ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
network
high complexity
microsoft CWE-119
7.6
2017-10-13 CVE-2017-11793 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 10/11/9
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
network
high complexity
microsoft CWE-119
7.6
2017-10-13 CVE-2017-11792 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
network
high complexity
microsoft CWE-119
7.6
2017-10-13 CVE-2017-11781 Improper Input Validation vulnerability in Microsoft products
The Microsoft Server Block Message (SMB) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows a denial of service vulnerability when an attacker sends specially crafted requests to the server, aka "Windows SMB Denial of Service Vulnerability".
network
low complexity
microsoft CWE-20
7.8
2017-09-28 CVE-2017-12814 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
network
low complexity
perl microsoft CWE-119
7.5
2017-09-22 CVE-2017-6277 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
local
low complexity
nvidia microsoft CWE-20
7.2
2017-09-22 CVE-2017-6272 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges.
local
low complexity
nvidia microsoft CWE-20
7.2
2017-09-22 CVE-2017-6269 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a pointer passed from a user to the driver is used without validation which may lead to denial of service or possible escalation of privileges.
local
low complexity
nvidia microsoft CWE-20
7.2
2017-09-22 CVE-2017-6268 Improper Input Validation vulnerability in Nvidia GPU Driver
NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to denial of service or possible escalation of privileges.
local
low complexity
nvidia microsoft CWE-20
7.2