Export limit exceeded: 35128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35128 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-8206 | 1 Huawei | 2 Honor 7 Lite, Honor 7 Lite Firmware | 2025-04-20 | N/A |
| HONOR 7 Lite mobile phones with software of versions earlier than NEM-L21C432B352 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone temporarily. | ||||
| CVE-2017-8235 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. | ||||
| CVE-2017-8510 | 1 Microsoft | 3 Excel, Office, Word | 2025-04-20 | N/A |
| A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8509, CVE-2017-8511, CVE-2017-8512, CVE-2017-0260, and CVE-2017-8506. | ||||
| CVE-2017-8173 | 1 Huawei | 12 Maya-l02, Maya-l02 Firmware, Vicky-al00a and 9 more | 2025-04-20 | N/A |
| Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart phones with software of earlier than Maya-L02C636B126 versions,earlier than VKY-L29C10B151 versions,earlier than VTR-L29C10B151 versions,earlier than Vicky-AL00AC00B162 versions,earlier than Victoria-AL00AC00B167 versions,earlier than Warsaw-AL00C00B200 versions have a Factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the Google account. As a result, the FRP function is bypassed. | ||||
| CVE-2017-8166 | 1 Huawei | 2 Honor V9, Honor V9 Firmware | 2025-04-20 | N/A |
| Huawei mobile phones Honor V9 with the software versions before Duke-AL20C00B195 have an App Lock bypass vulnerability. An attacker could perform specific operations to bypass the App Lock to use apps on a target mobile phone. | ||||
| CVE-2017-5534 | 1 Tibco | 1 Tibbr | 2025-04-20 | N/A |
| The tibbr user profiles components of tibbr Community, and tibbr Enterprise expose a weakness in an improperly sandboxed third-party component. Affected releases are TIBCO Software Inc. tibbr Community 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0, tibbr Enterprise 5.2.1 and below; 6.0.0; 6.0.1; 7.0.0. | ||||
| CVE-2016-8105 | 1 Intel | 8 X710-am2 Controller, X710-bm2 Controller, X710 Series Driver and 5 more | 2025-04-20 | N/A |
| Drivers for the Intel Ethernet Controller X710 and Intel Ethernet Controller XL710 families before version 22.0 are vulnerable to a denial of service in certain layer 2 network configurations. | ||||
| CVE-2017-5533 | 1 Tibco | 3 Jasperreports Server, Jaspersoft, Jaspersoft Reporting And Analytics | 2025-04-20 | N/A |
| A vulnerability in the server content cache of TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, and TIBCO Jaspersoft Reporting and Analytics for AWS contains a vulnerability which fails to prevent remote access to all the contents of the web application, including key configuration files. Affected releases are TIBCO JasperReports Server 6.4.0, TIBCO JasperReports Server Community Edition 6.4.0, TIBCO JasperReports Server for ActiveMatrix BPM 6.4.0, TIBCO Jaspersoft for AWS with Multi-Tenancy 6.4.0, TIBCO Jaspersoft Reporting and Analytics for AWS 6.4.0. | ||||
| CVE-2017-5531 | 1 Tibco | 2 Managed File Transfer Command Center, Managed File Transfer Internet Server | 2025-04-20 | N/A |
| Deployments of TIBCO Managed File Transfer Command Center versions 8.0.0 and 8.0.1 and TIBCO Managed File Transfer Internet Server versions 8.0.0 and 8.0.1 that enable the Administrator Service may be affected by a vulnerability which may allow any authenticated user to gain administrative control of Managed File Transfer web applications. | ||||
| CVE-2016-8677 | 3 Debian, Imagemagick, Opensuse | 3 Debian Linux, Imagemagick, Opensuse | 2025-04-20 | 8.8 High |
| The AcquireQuantumPixels function in MagickCore/quantum.c in ImageMagick before 7.0.3-1 allows remote attackers to have unspecified impact via a crafted image file, which triggers a memory allocation failure. | ||||
| CVE-2016-8711 | 1 Gonitro | 1 Nitro Pdf Pro | 2025-04-20 | 7.8 High |
| A potential remote code execution vulnerability exists in the PDF parsing functionality of Nitro Pro 10. A specially crafted PDF file can cause a vulnerability resulting in potential code execution. An attacker can send the victim a specific PDF file to trigger this vulnerability. | ||||
| CVE-2016-8743 | 4 Apache, Debian, Netapp and 1 more | 13 Http Server, Debian Linux, Clustered Data Ontap and 10 more | 2025-04-20 | 7.5 High |
| Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. | ||||
| CVE-2016-9243 | 3 Canonical, Cryptography.io, Fedoraproject | 3 Ubuntu Linux, Cryptography, Fedora | 2025-04-20 | 7.5 High |
| HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. | ||||
| CVE-2017-0024 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| The kernel-mode drivers in Microsoft Windows 10 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0026, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | ||||
| CVE-2017-0025 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-20 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005, and CVE-2017-0047. | ||||
| CVE-2017-0026 | 1 Microsoft | 2 Windows 10, Windows Server 2016 | 2025-04-20 | N/A |
| The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0024, CVE-2017-0056, CVE-2017-0078, CVE-2017-0079, CVE-2017-0080, CVE-2017-0081, and CVE-2017-0082. | ||||
| CVE-2017-0029 | 1 Microsoft | 2 Office, Word | 2025-04-20 | N/A |
| Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word 2016 allow remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability." | ||||
| CVE-2017-0039 | 1 Microsoft | 2 Windows Server 2008, Windows Vista | 2025-04-20 | N/A |
| Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link library (DLL) loading, which allows local users to gain privileges via a crafted application, aka "Library Loading Input Validation Remote Code Execution Vulnerability." | ||||
| CVE-2017-0047 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-20 | N/A |
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0005 and CVE-2017-0025. | ||||
| CVE-2017-0050 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8 and 5 more | 2025-04-20 | N/A |
| The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7; Windows 8; Windows 10 Gold, 1511, and 1607; Windows RT 8.1; Windows Server 2012 Gold and R2; and Windows Server 2016 does not properly enforce permissions, which allows local users to spoof processes, spoof inter-process communication, or cause a denial of service via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability." | ||||