Total
31834 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-8464 | 1 Microsoft | 9 Windows 10 1511, Windows 10 1607, Windows 10 1703 and 6 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows local users or remote attackers to execute arbitrary code via a crafted .LNK file, which is not properly handled during icon display in Windows Explorer or any other application that parses the icon of the shortcut. aka "LNK Remote Code Execution Vulnerability." | |||||
| CVE-2017-5936 | 2 Canonical, Openstack | 2 Ubuntu Linux, Nova-lxd | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth pairs when applying Neutron security group rules for instances, which allows remote attackers to bypass intended security restrictions. | |||||
| CVE-2017-3508 | 1 Oracle | 1 Primavera Gateway | 2025-04-20 | 6.5 MEDIUM | 9.1 CRITICAL |
| Vulnerability in the Primavera Gateway component of Oracle Primavera Products Suite (subcomponent: Primavera Desktop Integration). Supported versions that are affected are 1.0, 1.1, 14.2, 15.1, 15.2, 16.1 and 16.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise Primavera Gateway. While the vulnerability is in Primavera Gateway, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Primavera Gateway. CVSS 3.0 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2016-5546 | 1 Oracle | 3 Jdk, Jre, Jrockit | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). | |||||
| CVE-2017-3595 | 1 Oracle | 1 Webcenter Sites | 2025-04-20 | 7.5 HIGH | 7.1 HIGH |
| Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily "exploitable" vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | |||||
| CVE-2017-5708 | 1 Intel | 1 Manageability Engine Firmware | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Multiple privilege escalations in kernel in Intel Manageability Engine Firmware 11.0/11.5/11.6/11.7/11.10/11.20 allow unauthorized process to access privileged content via unspecified vector. | |||||
| CVE-2017-3352 | 1 Oracle | 1 Marketing | 2025-04-20 | 5.8 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Marketing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data as well as unauthorized update, insert or delete access to some of Oracle Marketing accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). | |||||
| CVE-2017-3561 | 1 Oracle | 1 Vm Virtualbox | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are Prior to 5.0.38 and Prior to 5.1.20. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2017-3770 | 1 Lenovo | 1 Xclarity Administrator | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 where an authenticated user may be able to abuse certain web interface functionality to execute privileged commands within the underlying LXCA operating system. | |||||
| CVE-2017-10349 | 4 Debian, Netapp, Oracle and 1 more | 29 Debian Linux, Active Iq Unified Manager, Cloud Backup and 26 more | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: JAXP). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2017-15525 | 1 Symantec | 1 Endpoint Encryption | 2025-04-20 | 5.5 MEDIUM | 4.5 MEDIUM |
| Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be susceptible to a denial of service (DoS) attack, which is a type of attack whereby the perpetrator attempts to make a particular machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a specific host within a network. | |||||
| CVE-2017-9772 | 1 Ocaml | 1 Ocaml | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable. | |||||
| CVE-2017-15190 | 1 Wireshark | 1 Wireshark | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was addressed in epan/dissectors/packet-rtsp.c by correcting the scope of a variable. | |||||
| CVE-2017-0822 | 1 Google | 1 Android | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An elevation of privilege vulnerability in the Android system (camera). Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63787722. | |||||
| CVE-2017-10309 | 3 Netapp, Oracle, Redhat | 26 Active Iq Unified Manager, Cloud Backup, E-series Santricity Management Plug-ins and 23 more | 2025-04-20 | 6.8 MEDIUM | 7.1 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). Supported versions that are affected are Java SE: 8u144 and 9. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE accessible data as well as unauthorized read access to a subset of Java SE accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 7.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). | |||||
| CVE-2017-10168 | 1 Oracle | 1 Hospitality Hotel Mobile | 2025-04-20 | 3.3 LOW | 4.6 MEDIUM |
| Vulnerability in the Hospitality Hotel Mobile component of Oracle Hospitality Applications (subcomponent: Suite 8/Windows). The supported version that is affected is 1.1. Difficult to exploit vulnerability allows physical access to compromise Hospitality Hotel Mobile. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Hospitality Hotel Mobile accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Hospitality Hotel Mobile. CVSS 3.0 Base Score 4.6 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:L). | |||||
| CVE-2017-11038 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing the boot image header, range checks can be bypassed by supplying different versions of the header at the time of check and use. | |||||
| CVE-2017-0773 | 1 Google | 1 Android | 2025-04-20 | 7.1 HIGH | 5.5 MEDIUM |
| A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37615911. | |||||
| CVE-2017-10201 | 1 Oracle | 1 Hospitality E7 | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Vulnerability in the Oracle Hospitality e7 component of Oracle Hospitality Applications (subcomponent: Other). The supported version that is affected is 4.2.1. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Hospitality e7 executes to compromise Oracle Hospitality e7. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality e7 accessible data. CVSS 3.0 Base Score 5.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2017-13674 | 1 Symantec | 1 Proxyclient | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
| Symantec ProxyClient 3.4 for Windows is susceptible to a privilege escalation vulnerability. A malicious local Windows user can, under certain circumstances, exploit this vulnerability to escalate their privileges on the system and execute arbitrary code with LocalSystem privileges. | |||||