|
|
Security Vulnerabilities
(CVSS score between 1 and 1.99)
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
451 |
CVE-2017-11851 |
200 |
|
+Info |
2017-11-15 |
2022-05-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709, allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11849, and CVE-2017-11853. |
|
452 |
CVE-2017-11850 |
200 |
|
+Info |
2017-11-15 |
2022-05-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to log on to an affected system and run a specially crafted application due to improper handling of objects in memory, aka "Microsoft Graphics Component Information Disclosure Vulnerability". |
|
453 |
CVE-2017-11849 |
200 |
|
+Info |
2017-11-15 |
2017-12-01 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11842, CVE-2017-11851, and CVE-2017-11853. |
|
454 |
CVE-2017-11842 |
200 |
|
+Info |
2017-11-15 |
2022-05-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to log in and run a specially crafted application due to the Windows kernel improperly initializing a memory address, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11849, CVE-2017-11851, and CVE-2017-11853. |
|
455 |
CVE-2017-11832 |
200 |
|
+Info |
2017-11-15 |
2017-12-05 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 SP1, Windows Server 2008 SP2 and 2008 R2 SP1, and Windows Server 2012 allows an attacker to potentially read data that was not intended to be disclosed, due to the way that the Microsoft Windows EOT font engine parses specially crafted embedded fonts, aka "Windows EOT Font Engine Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-11835. |
|
456 |
CVE-2017-11817 |
200 |
|
+Info |
2017-10-13 |
2019-05-16 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Microsoft Windows Kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, allows an information disclosure vulnerability when it improperly validates objects in memory, aka "Windows Information Disclosure Vulnerability". |
|
457 |
CVE-2017-11768 |
200 |
|
+Info |
2017-11-15 |
2022-05-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows remote attackers to test for the presence of files on disk via a specially crafted application. due to the way Windows Media Player discloses file information, aka "Windows Media Player Information Disclosure Vulnerability." |
|
458 |
CVE-2017-10294 |
|
|
|
2017-10-19 |
2017-12-14 |
1.7 |
None |
Local |
Low |
??? |
None |
None |
Partial |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.6.37 and earlier and 5.7.19 and earlier. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
|
459 |
CVE-2017-10292 |
269 |
|
|
2017-10-19 |
2019-10-03 |
1.7 |
None |
Local |
Low |
??? |
None |
Partial |
None |
|
Vulnerability in the RDBMS Security component of Oracle Database Server. Supported versions that are affected are 11.2.0.4, 12.1.0.2 and 12.2.0.1. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 2.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). |
|
460 |
CVE-2017-10268 |
200 |
|
+Info |
2017-10-19 |
2019-05-21 |
1.5 |
None |
Local |
Medium |
??? |
Partial |
None |
None |
|
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication). Supported versions that are affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and earlier. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). |
|
461 |
CVE-2017-10252 |
|
|
|
2017-08-08 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
462 |
CVE-2017-10251 |
|
|
|
2017-08-08 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Test Framework). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
463 |
CVE-2017-10250 |
|
|
|
2017-08-08 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Tuxedo). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
464 |
CVE-2017-10122 |
|
|
|
2017-08-08 |
2019-10-03 |
1.2 |
None |
Local |
High |
Not required |
None |
Partial |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 1.8 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N). |
|
465 |
CVE-2017-10120 |
|
|
|
2017-08-08 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the RDBMS Security component of Oracle Database Server. The supported version that is affected is 12.1.0.2. Difficult to exploit vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with logon to the infrastructure where RDBMS Security executes to compromise RDBMS Security. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of RDBMS Security accessible data. CVSS 3.0 Base Score 1.9 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N). |
|
466 |
CVE-2017-10095 |
|
|
|
2017-08-08 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
None |
Partial |
None |
|
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). |
|
467 |
CVE-2017-10020 |
|
|
|
2017-08-08 |
2019-10-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Updates Change Assistant). Supported versions that are affected are 8.54 and 8.55. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N). |
|
468 |
CVE-2017-9691 |
362 |
|
|
2018-03-30 |
2018-04-23 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver. |
|
469 |
CVE-2017-9637 |
522 |
|
|
2018-05-18 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Schneider Electric Ampla MES 6.4 provides capability to interact with data from third party databases. When connectivity to those databases is configured to use a SQL user name and password, an attacker may be able to sniff details from the connection string. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. |
|
470 |
CVE-2017-9635 |
326 |
|
|
2018-05-18 |
2019-10-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Schneider Electric Ampla MES 6.4 provides capability to configure users and their privileges. When Ampla MES users are configured to use Simple Security, a weakness in the password hashing algorithm could be exploited to reverse the user's password. Schneider Electric recommends that users of Ampla MES versions 6.4 and prior should upgrade to Ampla MES version 6.5 as soon as possible. |
|
471 |
CVE-2017-9503 |
476 |
|
DoS |
2017-06-16 |
2020-11-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, allows local guest OS privileged users to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors involving megasas command processing. |
|
472 |
CVE-2017-9375 |
835 |
|
DoS |
2017-06-16 |
2020-11-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
QEMU (aka Quick Emulator), when built with USB xHCI controller emulator support, allows local guest OS privileged users to cause a denial of service (infinite recursive call) via vectors involving control transfer descriptors sequencing. |
|
473 |
CVE-2017-9373 |
401 |
|
DoS |
2017-06-16 |
2020-11-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI Emulation support, allows local guest OS privileged users to cause a denial of service (memory consumption) by repeatedly hot-unplugging the AHCI device. |
|
474 |
CVE-2017-9330 |
|
|
DoS |
2017-06-08 |
2020-11-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. |
|
475 |
CVE-2017-9310 |
835 |
|
DoS |
2017-06-08 |
2020-11-10 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
QEMU (aka Quick Emulator), when built with the e1000e NIC emulation support, allows local guest OS privileged users to cause a denial of service (infinite loop) via vectors related to setting the initial receive / transmit descriptor head (TDH/RDH) outside the allocated descriptor buffer. |
|
476 |
CVE-2017-8719 |
200 |
|
+Info |
2017-09-13 |
2017-09-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8709, and CVE-2017-8679. |
|
477 |
CVE-2017-8713 |
200 |
|
+Info |
2017-09-13 |
2017-09-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows Hyper-V component on Microsoft Windows Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8706. |
|
478 |
CVE-2017-8712 |
200 |
|
+Info |
2017-09-13 |
2017-09-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8706, and CVE-2017-8713. |
|
479 |
CVE-2017-8711 |
200 |
|
+Info |
2017-09-13 |
2017-09-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8706, CVE-2017-8712, and CVE-2017-8713. |
|
480 |
CVE-2017-8709 |
200 |
|
+Info |
2017-09-13 |
2017-09-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8708, CVE-2017-8679, and CVE-2017-8719. |
|
481 |
CVE-2017-8708 |
200 |
|
+Info |
2017-09-13 |
2017-09-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows kernel component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it improperly handles objects in memory, aka "Windows Kernel Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8679, CVE-2017-8709, and CVE-2017-8719. |
|
482 |
CVE-2017-8707 |
200 |
|
+Info |
2017-09-13 |
2017-09-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8706, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. |
|
483 |
CVE-2017-8706 |
200 |
|
+Info |
2017-09-13 |
2017-09-21 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability when it fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8707, CVE-2017-8711, CVE-2017-8712, and CVE-2017-8713. |
|
484 |
CVE-2017-8554 |
200 |
|
+Info |
2017-06-29 |
2017-07-03 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an authenticated attacker to obtain memory contents via a specially crafted application. |
|
485 |
CVE-2017-8553 |
200 |
|
+Info |
2017-06-15 |
2019-03-26 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability exists in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows Server 2016 when the Windows kernel improperly handles objects in memory, aka "GDI Information Disclosure Vulnerability". |
|
486 |
CVE-2017-8492 |
200 |
|
+Info |
2017-06-15 |
2019-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
487 |
CVE-2017-8491 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
488 |
CVE-2017-8490 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
489 |
CVE-2017-8489 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
490 |
CVE-2017-8488 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
491 |
CVE-2017-8486 |
200 |
|
+Info |
2017-07-11 |
2017-07-17 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure due to the way it handles objects in memory, aka "Win32k Information Disclosure Vulnerability". |
|
492 |
CVE-2017-8485 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
493 |
CVE-2017-8484 |
200 |
|
+Info |
2017-06-15 |
2019-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8477. |
|
494 |
CVE-2017-8483 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
495 |
CVE-2017-8482 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
496 |
CVE-2017-8481 |
200 |
|
+Info |
2017-06-15 |
2019-03-19 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8480, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
497 |
CVE-2017-8480 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8479, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
498 |
CVE-2017-8479 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8492, CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8478, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
499 |
CVE-2017-8478 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to obtain information via a specially crafted application. aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-8491, CVE-2017-8490, CVE-2017-8489, CVE-2017-8488, CVE-2017-8485, CVE-2017-8483, CVE-2017-8482, CVE-2017-8481, CVE-2017-8480, CVE-2017-8479, CVE-2017-8476, CVE-2017-8474, CVE-2017-8469, CVE-2017-8462, CVE-2017-0300, CVE-2017-0299, and CVE-2017-0297. |
|
500 |
CVE-2017-8477 |
200 |
|
+Info |
2017-06-15 |
2019-03-18 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an authenticated attacker to run a specially crafted application when the Windows kernel improperly initializes objects in memory, aka "Win32k Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8470, CVE-2017-8471, CVE-2017-8472, CVE-2017-8473, CVE-2017-8475, and CVE-2017-8484. |
|
|
