Export limit exceeded: 349978 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23956 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23956 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11816 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| The Microsoft Windows Graphics Device Interface (GDI) on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an information disclosure vulnerability in the way it handles objects in memory, aka "Windows GDI Information Disclosure Vulnerability". | ||||
| CVE-2017-2927 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-2946 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing the segment for storing non-graphic information. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2015-7358 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2025-04-20 | N/A |
| The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory. | ||||
| CVE-2015-7359 | 4 Ciphershed, Idrix, Microsoft and 1 more | 4 Ciphershed, Veracrypt, Windows and 1 more | 2025-04-20 | N/A |
| The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation level of impersonation tokens, which allows local users to impersonate a user at SecurityIdentify level and gain access to other users' mounted encrypted volumes. | ||||
| CVE-2016-6034 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Windows | 2025-04-20 | N/A |
| IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | ||||
| CVE-2016-8008 | 2 Mcafee, Microsoft | 3 Security Scan Plus, Windows 10, Windows 7 | 2025-04-20 | N/A |
| Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a Windows system. | ||||
| CVE-2016-8977 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 could disclose sensitive information to an unauthorized user using HTTP GET requests. This information could be used to mount further attacks against the system. | ||||
| CVE-2016-8980 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 is vulnerable to a denial of service, caused by an XML External Entity Injection (XXE) error when processing XML data. A remote attacker could exploit this vulnerability to expose highly sensitive information or consume all available memory resources. | ||||
| CVE-2016-8981 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Bigfix Inventory and 4 more | 2025-04-20 | N/A |
| IBM BigFix Inventory v9 allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2016-9312 | 2 Microsoft, Ntp | 2 Windows, Ntp | 2025-04-20 | N/A |
| ntpd in NTP before 4.2.8p9, when running on Windows, allows remote attackers to cause a denial of service via a large UDP packet. | ||||
| CVE-2017-0107 | 1 Microsoft | 1 Sharepoint Foundation | 2025-04-20 | N/A |
| Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." | ||||
| CVE-2017-0014 | 1 Microsoft | 8 Office, Windows 10, Windows 7 and 5 more | 2025-04-20 | N/A |
| The Windows Graphics Component in Microsoft Office 2010 SP2; Windows Server 2008 R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0108. | ||||
| CVE-2017-0015 | 1 Microsoft | 2 Edge, Windows 10 | 2025-04-20 | N/A |
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| CVE-2017-0016 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-20 | N/A |
| Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka "SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability." | ||||
| CVE-2017-0017 | 1 Microsoft | 1 Edge | 2025-04-20 | N/A |
| The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068. | ||||
| CVE-2017-0018 | 1 Microsoft | 1 Internet Explorer | 2025-04-20 | N/A |
| Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149. | ||||
| CVE-2017-0019 | 1 Microsoft | 1 Word | 2025-04-20 | N/A |
| Microsoft Word 2016 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0006, CVE-2017-0020, CVE-2017-0030, CVE-2017-0031, CVE-2017-0052, and CVE-2017-0053. | ||||
| CVE-2017-0032 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0131, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | ||||
| CVE-2017-0033 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-20 | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069. | ||||