Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2012-1301 |
The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. Published: April 13, 2017; 1:59:00 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2016-2567 |
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. Published: April 13, 2017; 12:59:01 PM -0400 |
V4.0:(not available) V3.0: 3.3 LOW V2.0: 2.1 LOW |
CVE-2010-1821 |
Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through 10.6.3 allows local users to obtain system privileges. Published: April 13, 2017; 12:59:00 PM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2015-7740 |
Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allows local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. Published: April 13, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2017-7747 |
In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector could crash, triggered by packet injection or a malformed capture file. This was addressed in epan/dissectors/packet-packetbb.c by restricting additions to the protocol tree. Published: April 12, 2017; 7:59:00 PM -0400 |
V4.0:(not available) V3.0: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-7280 |
An issue was discovered in api/includes/systems.php in Unitrends Enterprise Backup before 9.0.0. User input is not properly filtered before being sent to a popen function. This allows for remote code execution by sending a specially crafted user variable. Published: April 12, 2017; 6:59:00 PM -0400 |
V4.0:(not available) V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-6059 |
Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication module for Apache (aka mod_auth_openidc) before 2.14 allows remote attackers to spoof page content via a malicious URL provided to the user, which triggers an invalid request. Published: April 12, 2017; 4:59:00 PM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2017-2989 |
Adobe Campaign versions Build 8770 and earlier have an input validation bypass that could be exploited to read, write, or delete data from the Campaign database. Published: April 12, 2017; 10:59:01 AM -0400 |
V4.0:(not available) V3.0: 9.1 CRITICAL V2.0: 7.5 HIGH |
CVE-2017-0197 |
Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office DLL Loading Vulnerability." Published: April 12, 2017; 10:59:01 AM -0400 |
V4.0:(not available) V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
CVE-2017-0186 |
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0185. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 6.3 MEDIUM |
CVE-2017-0185 |
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows 8.1, Windows Server 2012, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, and CVE-2017-0186. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 6.3 MEDIUM |
CVE-2017-0184 |
A denial of service vulnerability exists when Microsoft Hyper-V running on a host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0185, and CVE-2017-0186. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 5.2 MEDIUM |
CVE-2017-0183 |
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0182, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 6.3 MEDIUM |
CVE-2017-0182 |
A denial of service vulnerability exists when Microsoft Hyper-V Network Switch running on a Windows 10, Windows Server 2008 R2, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0179, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 6.3 MEDIUM |
CVE-2017-0181 |
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a Windows 10 or Windows Server 2016 host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0180. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.6 HIGH V2.0: 7.4 HIGH |
CVE-2017-0180 |
A remote code execution vulnerability exists when Windows Hyper-V Network Switch running on a host server fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Remote Code Execution Vulnerability." This CVE ID is unique from CVE-2017-0162, CVE-2017-0163, and CVE-2017-0181. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 7.6 HIGH V2.0: 7.4 HIGH |
CVE-2017-0179 |
A denial of service vulnerability exists when Microsoft Hyper-V running on a Windows 10, Windows 8.1, Windows Server 2012 R2, or Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0178, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.8 MEDIUM V2.0: 6.3 MEDIUM |
CVE-2017-0178 |
A denial of service vulnerability exists when Microsoft Hyper-V running on Windows 10, Windows 10 1511, Windows 10 1607, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 host server fails to properly validate input from a privileged user on a guest operating system, aka "Hyper-V Denial of Service Vulnerability." This CVE ID is unique from CVE-2017-0179, CVE-2017-0182, CVE-2017-0183, CVE-2017-0184, CVE-2017-0185, and CVE-2017-0186. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 5.2 MEDIUM |
CVE-2017-0169 |
An information disclosure vulnerability exists when Windows Hyper-V running on a Windows 8.1, Windows Server 2012. or Windows Server 2012 R2 host operating system fails to properly validate input from an authenticated user on a guest operating system, aka "Hyper-V Information Disclosure Vulnerability." This CVE ID is unique from CVE-2017-0168. Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 5.2 MEDIUM |
CVE-2017-0164 |
A denial of service vulnerability exists in Windows 10 1607 and Windows Server 2016 Active Directory when an authenticated attacker sends malicious search queries, aka "Active Directory Denial of Service Vulnerability." Published: April 12, 2017; 10:59:00 AM -0400 |
V4.0:(not available) V3.0: 4.4 MEDIUM V2.0: 3.5 LOW |