Total
14046 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-2988 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-5503 | 1 Jasper Project | 1 Jasper | 2025-04-20 | N/A |
| The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer 1.900.27 allows remote attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via a crafted image. | ||||
| CVE-2017-5329 | 1 Paloaltonetworks | 1 Terminal Services Agent | 2025-04-20 | 7.8 High |
| Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation. | ||||
| CVE-2017-0834 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in the Android media framework (libmpeg2). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63125953. | ||||
| CVE-2016-8385 | 1 Iceni | 1 Argus | 2025-04-20 | 7.8 High |
| An exploitable uninitialized variable vulnerability which leads to a stack-based buffer overflow exists in Iceni Argus. When it attempts to convert a malformed PDF to XML a stack variable will be left uninitialized which will later be used to fetch a length that is used in a copy operation. In most cases this will allow an aggressor to write outside the bounds of a stack buffer which is used to contain colors. This can lead to code execution under the context of the account running the tool. | ||||
| CVE-2017-2999 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK functionality related to hosting playback surface. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-2779 | 1 Ni | 1 Labview | 2025-04-20 | N/A |
| An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping condition resulting in an arbitrary null write. An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution. | ||||
| CVE-2017-3036 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in image conversion related to processing of the PCX (picture exchange) file format. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-5509 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 7.8 High |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | ||||
| CVE-2016-9052 | 1 Aerospike | 1 Database Server | 2025-04-20 | 9.8 Critical |
| An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. | ||||
| CVE-2017-5510 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2025-04-20 | 7.8 High |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | ||||
| CVE-2017-2897 | 1 Libxls Project | 1 Libxls | 2025-04-20 | 7.8 High |
| An exploitable out-of-bounds write vulnerability exists in the read_MSAT function of libxls 1.4. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability. | ||||
| CVE-2016-7392 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 5.5 Medium |
| Heap-based buffer overflow in the pstoedit_suffix_table_init function in output-pstoedit.c in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted bmp image file. | ||||
| CVE-2017-14041 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2025-04-20 | 8.8 High |
| A stack-based buffer overflow was discovered in the pgxtoimage function in bin/jp2/convert.c in OpenJPEG 2.2.0. The vulnerability causes an out-of-bounds write, which may lead to remote denial of service or possibly remote code execution. | ||||
| CVE-2016-9275 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 7.5 High |
| Heap-based buffer overflow in the _dwarf_skim_forms function in libdwarf/dwarf_macro5.c in Libdwarf before 20161124 allows remote attackers to cause a denial of service (out-of-bounds read). | ||||
| CVE-2016-10328 | 2 Freetype, Oracle | 2 Freetype, Outside In Technology | 2025-04-20 | 9.8 Critical |
| FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a heap-based buffer overflow related to the cff_parser_run function in cff/cffparse.c. | ||||
| CVE-2017-3630 | 1 Oracle | 1 Solaris | 2025-04-20 | N/A |
| Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L). | ||||
| CVE-2017-2925 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2015-8613 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 6.5 Medium |
| Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instance crash) via a crafted SCSI controller CTRL_GET_INFO command. | ||||
| CVE-2017-10984 | 2 Freeradius, Redhat | 2 Freeradius, Enterprise Linux | 2025-04-20 | N/A |
| An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows "Write overflow in data2vp_wimax()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | ||||