Total
12511 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2524 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "TextInput" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted data. | |||||
| CVE-2016-10067 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers to cause a denial of service (application crash) via vectors involving "too many exceptions," which trigger a buffer overflow. | |||||
| CVE-2017-16671 | 1 Digium | 2 Asterisk, Certified Asterisk | 2025-04-20 | 6.5 MEDIUM | 8.8 HIGH |
| A Buffer Overflow issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 before 14.7.1, and 15 before 15.1.1 and Certified Asterisk 13.13 before 13.13-cert7. No size checking is done when setting the user field for Party B on a CDR. Thus, it is possible for someone to use an arbitrarily large string and write past the end of the user field storage buffer. NOTE: this is different from CVE-2017-7617, which was only about the Party A buffer. | |||||
| CVE-2017-15781 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Read Access Violation on Control Flow starting at CADImage+0x0000000000286a76." | |||||
| CVE-2016-10375 | 1 Yodl Project | 1 Yodl | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Yodl before 3.07.01 has a Buffer Over-read in the queue_push function in queue/queuepush.c. | |||||
| CVE-2017-9881 | 1 Irfanview | 2 Fpx, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to execute arbitrary code or cause a denial of service via a crafted .fpx file, related to "Data from Faulting Address controls Code Flow starting at FPX!FPX_GetScanDevicePropertyGroup+0x00000000000014e7." | |||||
| CVE-2016-8863 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the create_url_list function in gena/gena_device.c in Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a valid URI followed by an invalid one in the CALLBACK header of an SUBSCRIBE request. | |||||
| CVE-2016-7654 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before 12.5.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-5216 | 1 Netop | 1 Remote Control | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Stack-based buffer overflow vulnerability in Netop Remote Control versions 11.53, 12.21 and prior. The affected module in the Guest client is the "Import to Phonebook" option. When a specially designed malicious file containing special characters is loaded, the overflow occurs. 12.51 is the fixed version. The Support case ref is 00109744. | |||||
| CVE-2016-7933 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print(). | |||||
| CVE-2015-9063 | 1 Google | 1 Android | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | |||||
| CVE-2017-15745 | 1 Irfanview | 2 Cadimage, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x000000000002ca2e." | |||||
| CVE-2017-1000176 | 1 Swftools | 1 Swftools | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In SWFTools, a memcpy buffer overflow was found in swfc. | |||||
| CVE-2015-8026 | 1 Exfat Project | 1 Exfat | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem. | |||||
| CVE-2017-9502 | 1 Haxx | 1 Curl | 2025-04-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). | |||||
| CVE-2017-11241 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable heap overflow vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to polygons. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-13729 | 1 Gnu | 1 Ncurses | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack. | |||||
| CVE-2017-0131 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability is different from those described in CVE-2017-0010, CVE-2017-0015, CVE-2017-0032, CVE-2017-0035, CVE-2017-0067, CVE-2017-0070, CVE-2017-0071, CVE-2017-0094, CVE-2017-0132, CVE-2017-0133, CVE-2017-0134, CVE-2017-0136, CVE-2017-0137, CVE-2017-0138, CVE-2017-0141, CVE-2017-0150, and CVE-2017-0151. | |||||
| CVE-2017-9918 | 1 Irfanview | 2 Irfanview, Tools | 2025-04-20 | 4.4 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or execute arbitrary code via a crafted file, related to "Data from Faulting Address controls Branch Selection starting at KERNELBASE!QueryOptionalDelayLoadedAPI+0x0000000000000c42." | |||||
| CVE-2016-7984 | 1 Tcpdump | 1 Tcpdump | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print(). | |||||