Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11339 | 1 Exiv2 | 1 Exiv2 | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack.
|
|||||
| CVE-2017-14687 | 2 Artifex, Microsoft | 2 Mupdf, Windows | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Artifex MuPDF 1.11 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .xps file, related to "Data from Faulting Address controls Branch Selection starting at mupdf+0x000000000016cb4f" on Windows. This occurs because of mishandling of XML tag name comparisons.
|
|||||
| CVE-2014-9928 | 1 Google | 1 Android | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
|
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
|
|||||
| CVE-2016-9773 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
|
|||||
| CVE-2017-6852 | 1 Jasper Project | 1 Jasper | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image.
|
|||||
| CVE-2017-2538 | 1 Apple | 2 Iphone Os, Safari | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
|
|||||
| CVE-2017-12785 | 1 Noviflow | 1 Noviware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
|
|||||
| CVE-2017-1000210 | 1 Altran | 1 Picotcp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack
|
|||||
| CVE-2016-8699 | 1 Potrace Project | 1 Potrace | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8700, CVE-2016-8701, CVE-2016-8702, and CVE-2016-8703.
|
|||||
| CVE-2017-14298 | 1 Stdutility | 1 Stdu Viewer | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to "Data from Faulting Address controls subsequent Write Address starting at STDUJBIG2File!DllGetClassObject+0x00000000000038e8."
|
|||||
| CVE-2017-2487 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "FontParser" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file.
|
|||||
| CVE-2017-11805 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-1 ...
Show More |
|||||
| CVE-2017-9886 | 1 Irfanview | 2 Fpx, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpLowFragHeapFree+0x000000000000001f."
|
|||||
| CVE-2017-11821 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-1 ...
Show More |
|||||
| CVE-2017-2356 | 2 Apple, Webkitgtk | 6 Icloud, Iphone Os, Itunes and 3 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
|
|||||
| CVE-2017-12420 | 1 Netapp | 1 Clustered Data Ontap | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
|
Heap-based buffer overflow in the SMB implementation in NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allows remote authenticated users to cause a denial of service or execute arbitrary code.
|
|||||
| CVE-2017-6435 | 1 Libplist Project | 1 Libplist | 2025-04-20 | 1.9 LOW | 5.0 MEDIUM |
|
The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.
|
|||||
| CVE-2017-3808 | 1 Cisco | 1 Unified Communications Manager | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
|
A vulnerability in the Session Initiation Protocol (SIP) UDP throttling process of Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient rate limiting protection. An attacker could exploit this vulnerability by sending the affected device a high rate of SIP messages. An exploit could allow the attacker to cause the device to reload unexpec ...
Show More |
|||||
| CVE-2017-5881 | 1 Gomlab | 1 Gom Player | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
|
|||||
| CVE-2016-10093 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4beta, 4.0.5 and 4.0.6 allows remote attackers to have unspecified impact via a crafted image, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2017-5711 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
Multiple buffer overflows in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allow attacker with local access to the system to execute arbitrary code with AMT execution privilege.
|
|||||
| CVE-2017-9937 | 1 Libtiff | 1 Libtiff | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A crafted TIFF document can lead to an abort resulting in a remote denial of service attack.
|
|||||
| CVE-2017-0137 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully e ...
Show More |
|||||
| CVE-2017-8273 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image buffer, a buffer overflow can occur.
|
|||||
| CVE-2017-17473 | 1 Tgsoft | 1 Vir.it Explorer | 2025-04-20 | 6.1 MEDIUM | 7.8 HIGH |
|
TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact via a \\.\Viragtlt DeviceIoControl request of 0x82730050.
|
|||||
| CVE-2017-8065 | 1 Linux | 1 Linux Kernel | 2025-04-20 | 7.2 HIGH | 7.8 HIGH |
|
crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
|
|||||
| CVE-2015-4408 | 1 Hikvision | 9 Ds-7604ni-e1\/4p, Ds-7608ni-12\/8p, Ds-7608ni-e1\/8p and 6 more | 2025-04-20 | 6.8 MEDIUM | 6.5 MEDIUM |
|
Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the ISAPI issue.
|
|||||
| CVE-2016-3740 | 1 Foxitsoftware | 1 Foxit Reader | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the CreateFXPDFConvertor function in ConvertToPdf_x86.dll in Foxit Reader 7.3.4.311 allows remote attackers to execute arbitrary code via a large SamplesPerPixel value in a crafted TIFF image that is mishandled during PDF conversion. This is fixed in 8.0.
|
|||||
| CVE-2017-9719 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the kernel driver MDSS, a buffer overflow can occur in HDMI CEC parsing if frame size is out of range.
|
|||||
| CVE-2017-0252 | 1 Microsoft | 1 Edge | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote code execution vulnerability exists in Microsoft Chakra Core in the way JavaScript engines render when handling objects in memory. aka "Scripting Engine Memory Corruption Vulnerability". This vulnerability is unique from CVE-2017-0223.
|
|||||
| CVE-2017-11889 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE ...
Show More |
|||||
| CVE-2017-11916 | 1 Microsoft | 1 Chakracore | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, ...
Show More |
|||||
| CVE-2016-8411 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
|
Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.
|
|||||
| CVE-2017-14279 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
XnView Classic for Windows Version 2.40 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at jbig2dec+0x0000000000005643."
|
|||||
| CVE-2017-8603 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8596, CVE-2017-8610, CVE-2017-8598, CVE-2017-8618, CVE-2017-8619, CVE-2017-8595, CVE-2017-8601, CVE-2017-8604, CVE-2017-8605, CVE-2017-8606, CVE-2017- ...
Show More |
|||||
| CVE-2017-10773 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
|
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at MSCTF!_CtfImeCreateThreadMgr+0x00000000000000a8."
|
|||||
| CVE-2017-13731 | 1 Gnu | 1 Ncurses | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
|
There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.
|
|||||
| CVE-2017-17028 | 1 Qnap | 1 Qts | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
|
A buffer overflow vulnerability in external device function in QNAP QTS version 4.2.6 build 20171026, 4.3.3.0378 build 20171117, 4.3.4.0387 (Beta 2) build 20171116 and earlier could allow remote attackers to execute arbitrary code on NAS devices.
|
|||||
| CVE-2017-11802 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
|
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, ...
Show More |
|||||
| CVE-2017-15256 | 1 Irfanview | 2 Irfanview, Pdf | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
|
IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to "Data from Faulting Address controls Branch Selection starting at PDF!xmlListWalk+0x0000000000019fc8."
|
|||||