Vulnerability & Exploit Database

Displaying entries 51 - 60 of 121406 in total

Microsoft CVE-2017-11836: Scripting Engine Memory Corruption Vulnerability Vulnerability

  • Severity: 4
  • Published: November 13, 2017

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same ...

Microsoft CVE-2017-11872: Microsoft Edge Security Feature Bypass Vulnerability Vulnerability

  • Severity: 4
  • Published: November 13, 2017

A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests. The vulnerability allows Microsoft Edge to bypass Cross-Origin Resource Sharing (CORS) redirect restrictions, and to follow redirect requests that should otherwise be ignored. An attacker who successfully exploited the vulnerability c...

MFSA2017-24 Firefox: Security vulnerabilities fixed in Firefox 57 (CVE-2017-7842) Vulnerability

  • Severity: 4
  • Published: November 13, 2017

If a document’s Referrer Policy attribute is set to "no-referrer" sometimes two network requests are made for <link> elements instead of one. One of these requests includes the referrer instead of respecting the set policy to not include a referrer on requests.

Oracle Linux: CVE-2017-7826: ELSA-2017-3247 - firefox security update Vulnerability

  • Severity: 4
  • Published: November 13, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-F78EAC48-C3D1-4666-8DE5-63CEEA25A578:

Mozilla Foundation reports:

CVE-2017-7828: Use-after-free...

Microsoft CVE-2017-11876: Microsoft Project Server Elevation of Privilege Vulnerability Vulnerability

  • Severity: 4
  • Published: November 13, 2017

An elevation of privilege vulnerability exists in Microsoft Project when Microsoft Project Server does not properly manage user sessions. For this Cross-site Request Forgery(CSRF/XSRF) vulnerability to be exploited, the victim must be authenticated to (logged on) the target site. In a web-based attack scenario an attacker could host a we...

Oracle Linux: CVE-2017-7830: ELSA-2017-3247 - firefox security update Vulnerability

  • Severity: 4
  • Published: November 13, 2017

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From VID-F78EAC48-C3D1-4666-8DE5-63CEEA25A578:

Mozilla Foundation reports:

CVE-2017-7828: Use-after-free...