Search Results (26294 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0162 1 Microsoft 4 Windows 10, Windows 8.1, Windows Server 2012 and 1 more 2025-04-20 N/A
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0163, CVE-2017-0180, and CVE-2017-0181.
CVE-2017-0163 1 Microsoft 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more 2025-04-20 N/A
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0180, and CVE-2017-0181.
CVE-2017-0164 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability."
CVE-2017-0167 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2025-04-20 N/A
An information disclosure vulnerability exists in Windows 8.1, Windows RT 8.1, Windows Server 2012 R2, Windows 10, and Windows Server 2016 when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system, a.k.a. "Windows Kernel Information Disclosure Vulnerability."
CVE-2017-0168 1 Microsoft 3 Windows 8.1, Windows Server 2008, Windows Server 2012 2025-04-20 N/A
An information disclosure vulnerability exists when the Windows Hyper-V Network Switch running on a Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0169.
CVE-2017-15121 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 5 more 2025-04-20 N/A
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
CVE-2017-0169 1 Microsoft 2 Windows 8.1, Windows Server 2012 2025-04-20 N/A
An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168.
CVE-2017-7892 1 Capnproto 1 Capnproto 2025-04-20 N/A
Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a compiler optimization. A remote attacker can trigger a segfault in a 32-bit libcapnp application because Cap'n Proto relies on pointer arithmetic calculations that overflow. An example compiler with optimization that elides a bounds check in such calculations is Apple LLVM version 8.1.0 (clang-802.0.41). The attack vector is a crafted far pointer within a message.
CVE-2017-8018 2 Emc, Microsoft 2 Appsync, Windows 2025-04-20 N/A
EMC AppSync host plug-in versions 3.5 and below (Windows platform only) includes a denial of service (DoS) vulnerability that could potentially be exploited by malicious users to compromise the affected system.
CVE-2017-0245 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Server 2012 2025-04-20 N/A
The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1 and Windows Server 2012 Gold allow a local authenticated attacker to execute a specially crafted application to obtain kernel information, aka "Win32k Information Disclosure Vulnerability."
CVE-2017-0247 1 Microsoft 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more 2025-04-20 N/A
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
CVE-2017-0249 1 Microsoft 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more 2025-04-20 N/A
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0256 1 Microsoft 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more 2025-04-20 N/A
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
CVE-2017-0258 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0259.
CVE-2017-0259 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2025-04-20 N/A
The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0220, and CVE-2017-0258.
CVE-2017-0312 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 N/A
All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit for a loop may lead to denial of service or potential escalation of privileges
CVE-2017-0318 4 Freebsd, Microsoft, Nvidia and 1 more 4 Freebsd, Windows, Gpu Driver and 1 more 2025-04-20 N/A
All versions of NVIDIA Linux GPU Display Driver contain a vulnerability in the kernel mode layer handler where improper validation of an input parameter may cause a denial of service on the system.
CVE-2017-0355 2 Microsoft, Nvidia 2 Windows, Gpu Driver 2025-04-20 N/A
All versions of the NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgkDdiEscape where it may access paged memory while holding a spinlock, leading to a denial of service.
CVE-2017-0529 1 Google 1 Android 2025-04-20 N/A
An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.
CVE-2017-0537 1 Linux 1 Linux Kernel 2025-04-20 N/A
An information disclosure vulnerability in the kernel USB gadget driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-31614969.