CVSS: 7.8EPSS: 0%CPEs: 151EXPL: 0CVE-2017-3756
https://notcve.org/view.php?id=CVE-2017-3756
A privilege escalation vulnerability was identified in Lenovo Active Protection System for ThinkPad systems versions earlier than 1.82.0.17. An attacker with local privileges could execute code with administrative privileges via an unquoted service path. Se identificó una vulnerabilidad de escalado de privilegios en Lenovo Active Protection System para versiones de sistemas ThinkPad anteriores a la 1.82.0.17. Un atacante con privilegios locales podría ejecutar código con privilegios de administrador a través de una ruta de servicio sin entrecomillar. • http://www.securityfocus.com/bid/100305 https://support.lenovo.com/us/en/product_security/LEN-15765 •
CVSS: 7.6EPSS: 94%CPEs: 4EXPL: 1CVE-2017-8670 – Microsoft Edge Chakra - Uninitialized Arguments
https://notcve.org/view.php?id=CVE-2017-8670
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Microsoft Edge en Microsoft Windows 10 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • https://www.exploit-db.com/exploits/42477 http://www.securityfocus.com/bid/100070 http://www.securitytracker.com/id/1039094 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8670 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 6%CPEs: 6EXPL: 1CVE-2017-8644 – Microsoft Edge 38.14393.1066.0 - 'CInputDateTimeScrollerElement::_SelectValueInternal' Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2017-8644
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to disclose information due to the way that Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8652 and CVE-2017-8662. Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permite que un atacante revele información debido a la forma en la que Microsoft Edge gestiona los objetos en la memoria. Esto también se conoce como "Microsoft Edge Information Disclosure Vulnerability". Este ID CVE es exclusivo de CVE-2017-8652 y CVE-2017-8662. • https://www.exploit-db.com/exploits/42459 http://www.securityfocus.com/bid/100044 http://www.securitytracker.com/id/1039101 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8644 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 2%CPEs: 2EXPL: 0CVE-2017-8638
https://notcve.org/view.php?id=CVE-2017-8638
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Microsoft Edge en Microsoft Windows 10 1703 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8639, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • http://www.securityfocus.com/bid/100049 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8638 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 2%CPEs: 4EXPL: 0CVE-2017-8639
https://notcve.org/view.php?id=CVE-2017-8639
Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, and CVE-2017-8674. Microsoft Edge en Windows 10 1607, 1703, y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que los motores JavaScript del navegador de Microsoft renderizan contenido cuando gestionan objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-8634, CVE-2017-8635, CVE-2017-8636, CVE-2017-8638, CVE-2017-8640, CVE-2017-8641, CVE-2017-8645, CVE-2017-8646, CVE-2017-8647, CVE-2017-8655, CVE-2017-8656, CVE-2017-8657, CVE-2017-8670, CVE-2017-8671, CVE-2017-8672, y CVE-2017-8674. • http://www.securityfocus.com/bid/100050 http://www.securitytracker.com/id/1039095 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-8639 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •