Vulnerabilities (CVE)

Filtered by CWE-20
Total 10709 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-0181 1 Microsoft 5 Windows 10, Windows 8.1, Windows Server 2008 and 2 more 2025-04-20 7.4 HIGH 7.6 HIGH
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180.
CVE-2017-5086 4 Apple, Google, Microsoft and 1 more 6 Macos, Chrome, Windows and 3 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Windows and Mac allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-0109 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-20 7.4 HIGH 7.6 HIGH
Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows guest OS users to execute arbitrary code on the host OS via a crafted application, aka "Hyper-V Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0075.
CVE-2017-2461 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to cause a denial of service (resource consumption) via a crafted text message.
CVE-2017-8120 1 Huawei 1 Uma 2025-04-20 7.5 HIGH 9.8 CRITICAL
The UMA product with software V200R001 and V300R001 has a privilege elevation vulnerability due to insufficient validation or improper processing of parameters. An attacker could craft specific packets to exploit these vulnerabilities to gain elevated privileges.
CVE-2017-9741 1 Projectsend 1 Projectsend 2025-04-20 7.5 HIGH 9.8 CRITICAL
install/make-config.php in ProjectSend r754 allows remote attackers to execute arbitrary PHP code via the dbprefix parameter, related to replacing TABLES_PREFIX in the configuration file.
CVE-2017-0247 1 Microsoft 18 Asp.net Model View Controller, Microsoft.aspnetcore.mvc.abstractions, Microsoft.aspnetcore.mvc.apiexplorer and 15 more 2025-04-20 5.0 MEDIUM 7.5 HIGH
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc before 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to cause a denial of service by leveraging failure to properly calculate the length of 4-byte characters in the Unicode Non-Character range.
CVE-2017-15121 1 Redhat 7 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more 2025-04-20 4.9 MEDIUM 5.5 MEDIUM
A non-privileged user is able to mount a fuse filesystem on RHEL 6 or 7 and crash a system if an application punches a hole in a file that does not end aligned to a page boundary.
CVE-2015-4556 1 Call-cc 1 Chicken 2025-04-20 5.0 MEDIUM 7.5 HIGH
The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash).
CVE-2017-7721 1 Irfanview 2 Fpx, Irfanview 2025-04-20 6.8 MEDIUM 7.8 HIGH
IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an Access Violation and crash in processing a FlashPix (.FPX) file.
CVE-2017-0095 1 Microsoft 2 Windows 10, Windows Server 2016 2025-04-20 7.9 HIGH 7.6 HIGH
Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly validate vSMB packet data, which allows attackers to execute arbitrary code on a target OS, aka "Hyper-V vSMB Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0021.
CVE-2017-2100 1 Ipa 1 Appgoat 2025-04-20 6.8 MEDIUM 6.3 MEDIUM
Hands-on Vulnerability Learning Tool "AppGoat" for Web Application V3.0.1 and earlier allows remote attackers to conduct DNS rebinding attacks via unspecified vectors.
CVE-2016-9436 3 Opensuse, Opensuse Project, Tats 3 Leap, Leap, W3m 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
parsetagx.c in w3m before 0.5.3+git20161009 does not properly initialize values, which allows remote attackers to crash the application via a crafted html file, related to a <i> tag.
CVE-2015-5179 1 Freeipa 1 Freeipa 2025-04-20 5.0 MEDIUM 7.5 HIGH
FreeIPA might display user data improperly via vectors involving non-printable characters.
CVE-2017-6498 2 Debian, Imagemagick 2 Debian Linux, Imagemagick 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could trigger assertion failures, thus leading to DoS.
CVE-2017-5093 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Android and 6 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.
CVE-2016-5222 1 Google 1 Chrome 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-15103 2 Heketi Project, Redhat 2 Heketi, Enterprise Linux 2025-04-20 9.0 HIGH 8.8 HIGH
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
CVE-2015-5146 3 Debian, Fedoraproject, Ntp 3 Debian Linux, Fedora, Ntp 2025-04-20 3.5 LOW 5.3 MEDIUM
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
CVE-2017-7218 1 Paloaltonetworks 1 Pan-os 2025-04-20 4.6 MEDIUM 7.8 HIGH
The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 allows remote authenticated users to gain privileges via unspecified request parameters.