Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-14578 | 1 Irfanview | 1 Irfanview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
IrfanView 4.44 - 32bit allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .ani file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77130000!RtlpCoalesceFreeBlocks+0x00000000000004b4."
|
|||||
| CVE-2017-11295 | 1 Adobe | 1 Dng Converter | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered in Adobe DNG Converter 9.12.1 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2017-13799 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 11.1 is affected. macOS before 10.13.1 is affected. tvOS before 11.1 is affected. watchOS before 4.1 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2017-6843 | 1 Podofo Project | 1 Podofo | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.4 allows remote attackers to have unspecified impact via a crafted file.
|
|||||
| CVE-2017-11243 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2017-6462 | 1 Ntp | 1 Ntp | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
Buffer overflow in the legacy Datum Programmable Time Server (DPTS) refclock driver in NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows local users to have unspecified impact via a crafted /dev/datum device.
|
|||||
| CVE-2017-0468 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33351708.
|
|||||
| CVE-2017-10767 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!StateObjectListFind+0x0000000000000005."
|
|||||
| CVE-2017-9894 | 1 Xnview | 1 Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a "User Mode Write AV starting at Xfpx!gffGetFormatInfo+0x0000000000029272."
|
|||||
| CVE-2014-9824 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825.
|
|||||
| CVE-2017-15757 | 1 Irfanview | 2 Babacad4image, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at BabaCAD4Image!ShowPlugInOptions+0x00000000000029ba."
|
|||||
| CVE-2017-11912 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-1 ...
Show More |
|||||
| CVE-2014-9937 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
|
|||||
| CVE-2017-7025 | 2 Apple, Microsoft | 6 Icloud, Iphone Os, Itunes and 3 more | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2017-9873 | 1 Irfanview | 2 Fpx, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to a "Read Access Violation on Control Flow starting at FPX!GetPlugInInfo+0x0000000000012bf2."
|
|||||
| CVE-2017-15782 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb."
|
|||||
| CVE-2017-0028 | 1 Microsoft | 1 Edge | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability exists when Microsoft scripting engine improperly accesses objects in memory. The vulnerability could corrupt memory in a way that enables an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
|
|||||
| CVE-2017-15088 | 1 Mit | 1 Kerberos 5 | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka krb5) through 1.15.2 mishandles Distinguished Name (DN) fields, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) in situations involving untrusted X.509 data, related to the get_matching_data and X509_NAME_oneline_ex functions. NOTE: this has security relevance only in use cases outside of the MIT Kerberos distribution, e.g., the use of get_matching_da ...
Show More |
|||||
| CVE-2017-11265 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the Adobe Graphics Manager module. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2017-15746 | 1 Irfanview | 2 Cadimage, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000003d21b3."
|
|||||
| CVE-2017-0240 | 1 Microsoft | 1 Edge | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.
|
|||||
| CVE-2017-15749 | 1 Irfanview | 2 Cadimage, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000000348b9."
|
|||||
| CVE-2016-10049 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick before 6.9.4-4 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file.
|
|||||
| CVE-2017-12799 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file.
|
|||||
| CVE-2017-13829 | 1 Apple | 1 Mac Os X | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
An issue was discovered in certain Apple products. macOS before 10.13.1 is affected. The issue involves the "CFNetwork" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||||
| CVE-2017-2407 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
|
|||||
| CVE-2017-11268 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
|
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) private JPEG data. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2017-16671 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer.
|
|||||
| CVE-2017-15259 | 1 Irfanview | 2 Irfanview, Pdf | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlParserInputRead+0x000000000011624a."
|
|||||
| CVE-2017-7030 | 2 Apple, Microsoft | 7 Icloud, Iphone Os, Itunes and 4 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
|
|||||
| CVE-2015-9037 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.
|
|||||
| CVE-2017-8729 | 1 Microsoft | 2 Edge, Windows 10 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764.
|
|||||
| CVE-2017-15756 | 1 Irfanview | 2 Babacad4image, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to "Data from Faulting Address controls subsequent Write Address starting at BabaCAD4Image!ShowPlugInOptions+0x000000000004d7c4."
|
|||||
| CVE-2017-15011 | 1 Qt | 1 Qt | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
|
The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and SugarSync, are configured for remote access and allow remote attackers to cause a denial of service (application crash) via an unspecified string.
|
|||||
| CVE-2017-9151 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the pnm_load_ascii function in input-pnm.c:303:12.
|
|||||
| CVE-2017-16995 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.
|
|||||
| CVE-2017-8926 | 1 Halliburton | 1 Logview Pro | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file.
|
|||||
| CVE-2017-8496 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8497.
|
|||||
| CVE-2017-8651 | 1 Microsoft | 3 Internet Explorer, Windows Server 2008, Windows Server 2012 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Memory Corruption Vulnerability".
|
|||||
| CVE-2017-16898 | 1 Libming | 1 Libming | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The printMP3Headers function in util/listmp3.c in libming v0.4.8 or earlier is vulnerable to a global buffer overflow, which may allow attackers to cause a denial of service via a crafted file, a different vulnerability than CVE-2016-9264.
|
|||||