Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26246 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0098 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0074, CVE-2017-0076, CVE-2017-0097, and CVE-2017-0099.
CVE-2017-2384 1 Apple 1 Iphone Os 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. The issue involves mishandling of deletion within the SQLite subsystem of the "Safari" component. It allows local users to identify the web-site visits that occurred in Private Browsing mode.
CVE-2017-0097 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and 2008 R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 and R2; Windows 10, 1511, and 1607; and Windows Server 2016 allows guest OS users, running as virtual machines, to cause a denial of service via a crafted application, aka "Hyper-V Denial of Service Vulnerability." This vulnerability is different from those described in CVE-2017-0098, CVE-2017-0074, CVE-2017-0076, and CVE-2017-0099.
CVE-2017-0096 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
CVE-2017-1000114 1 Jenkins 1 Datadog 2025-04-20 N/A
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.
CVE-2017-0095 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021.
CVE-2017-15937 1 Artica 1 Pandora Fms 2025-04-20 N/A
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked (e.g., a /var/www pathname typically means Linux or UNIX).
CVE-2017-2385 1 Apple 1 Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. Safari before 10.1 is affected. The issue involves the "Safari Login AutoFill" component. It allows local users to obtain access to locked keychain items via unspecified vectors.
CVE-2017-0092 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 N/A
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
CVE-2017-0091 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 N/A
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
CVE-2017-15951 1 Linux 1 Linux Kernel 2025-04-20 7.8 High
The KEYS subsystem in the Linux kernel before 4.13.10 does not correctly synchronize the actions of updating versus finding a key in the "negative" state to avoid a race condition, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls.
CVE-2017-17831 1 Git Large File Storage Project 1 Git Large File Storage 2025-04-20 N/A
GitHub Git LFS before 2.1.1 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, located on a "url =" line in a .lfsconfig file within a repository.
CVE-2017-0011 1 Microsoft 1 Edge 2025-04-20 N/A
Microsoft Edge allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVE-2017-0009 1 Microsoft 1 Internet Explorer 2025-04-20 N/A
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.
CVE-2017-0004 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2025-04-20 N/A
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to cause a denial of service (reboot) via a crafted authentication request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
CVE-2014-8889 1 Dropbox 1 Dropbox Sdk 2025-04-20 N/A
Dropbox SDK for Android before 1.6.2 might allow remote attackers to obtain sensitive information via crafted malware or via a drive-by download attack.
CVE-2017-1000099 1 Haxx 1 Libcurl 2025-04-20 N/A
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.
CVE-2017-8572 1 Microsoft 1 Outlook 2025-04-20 N/A
Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, and Outlook 2016 as packaged in Microsoft Office allows an information disclosure vulnerability due to the way that it discloses the contents of its memory, aka "Microsoft Office Outlook Information Disclosure Vulnerability".
CVE-2017-2424 1 Apple 2 Iphone Os, Safari 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves mishandling of OpenGL shaders in the "WebKit" component. It allows remote attackers to obtain sensitive information from process memory via a crafted web site.
CVE-2017-7235 1 Cloudflare-scrape Project 1 Cloudflare-scrape 2025-04-20 N/A
An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A malicious website owner could craft a page that executes arbitrary Python code against any cfscrape user who scrapes that website. This is fixed in 1.8.0.