Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-8261 1 Google 1 Android 2025-04-20 N/A
In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur.
CVE-2015-5436 1 Hp 2 Integrated Lights-out 4, Integrated Lights-out Firmware 2025-04-20 7.5 High
A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE entry was added in 2020.
CVE-2015-5168 1 Apache 1 Traffic Server 2025-04-20 N/A
Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206.
CVE-2017-10230 1 Oracle 1 Hospitality Cruise Dining Room Management 2025-04-20 N/A
Vulnerability in the Oracle Hospitality Cruise Dining Room Management component of Oracle Hospitality Applications (subcomponent: SilverWhere). The supported version that is affected is 8.0.75. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Dining Room Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Dining Room Management accessible data as well as unauthorized read access to a subset of Oracle Hospitality Cruise Dining Room Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
CVE-2017-0387 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278.
CVE-2017-0382 1 Google 1 Android 2025-04-20 N/A
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390.
CVE-2016-3149 1 Barco 4 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Csm-1 and 1 more 2025-04-20 N/A
Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 devices with firmware before 01.06.02 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2017-9493 2 Cisco, Motorola 2 Mx011anm Firmware, Mx011anm 2025-04-20 N/A
The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows remote attackers to conduct successful forced-pairing attacks (between an RF4CE remote and a set-top box) by repeatedly transmitting the same pairing code.
CVE-2017-9485 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to write arbitrary data to a known /var/tmp/sess_* pathname by leveraging the device's operation in UI dev mode.
CVE-2017-9481 1 Cisco 2 Dpc3939, Dpc3939 Firmware 2025-04-20 N/A
The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to obtain unintended access to the Network Processor (NP) 169.254/16 IP network by adding a routing-table entry that specifies the LAN IP address as the router for that network.
CVE-2017-9473 2 Canonical, Ytnef Project 2 Ubuntu Linux, Ytnef 2025-04-20 N/A
In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-9340 1 Owncloud 1 Owncloud 2025-04-20 6.5 Medium
An attacker is logged in as a normal user and can somehow make admin to delete shared folders in ownCloud Server before 10.0.2.
CVE-2017-9339 1 Owncloud 1 Owncloud 2025-04-20 5.3 Medium
A logical error in ownCloud Server before 10.0.2 caused disclosure of valid share tokens for public calendars. Thus granting an attacker potentially access to publicly shared calendars without knowing the share token.
CVE-2017-9294 1 Hitachi 1 Device Manager 2025-04-20 N/A
RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows remote attackers to execute internal commands without authentication via RMI ports.
CVE-2017-8702 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 N/A
Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows an attacker to gain greater access to sensitive information and system functionality, due to the way that WER handles and executes files, aka "Windows Elevation of Privilege Vulnerability".
CVE-2017-8700 1 Microsoft 1 Asp.net Core 2025-04-20 N/A
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
CVE-2017-8689 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 N/A
The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation of privilege vulnerability when it fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-8694.
CVE-2017-8628 1 Microsoft 5 Windows 10, Windows 7, Windows 8.1 and 2 more 2025-04-20 N/A
Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703 allows a spoofing vulnerability due to Microsoft's implementation of the Bluetooth stack, aka "Microsoft Bluetooth Driver Spoofing Vulnerability".
CVE-2017-8591 1 Microsoft 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more 2025-04-20 N/A
Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an remote code execution vulnerability when it fails to properly handle objects in memory, aka "Windows IME Remote Code Execution Vulnerability".
CVE-2017-8622 1 Microsoft 1 Windows 10 2025-04-20 N/A
Windows Subsystem for Linux in Windows 10 1703 allows an elevation of privilege vulnerability when it fails to properly handle handles NT pipes, aka "Windows Subsystem for Linux Elevation of Privilege Vulnerability".