Total
11918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-7407 | 1 Haxx | 1 Curl | 2025-04-20 | 2.1 LOW | 2.4 LOW |
| The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. | |||||
| CVE-2017-9660 | 1 Fujielectric | 1 Monitouch V-sft | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch V-SFT versions prior to Version 5.4.43.0. A heap-based buffer overflow vulnerability has been identified, which may cause a crash or allow remote code execution. | |||||
| CVE-2017-10760 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at COMCTL32!SetStatusText+0x0000000000000029." | |||||
| CVE-2017-6745 | 1 Cisco | 1 Videoscape Distribution Suite For Television | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability in the cache server within Cisco Videoscape Distribution Suite (VDS) for Television 3.2(5)ES1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted appliance. The vulnerability is due to excessive mapped connections exhausting the allotted resources within the system. An attacker could exploit this vulnerability by sending large amounts of inbound traffic to a device with the intention of overloading certain resources. A successful exploit could cause the device to reload, resulting in a DoS condition. Cisco Bug IDs: CSCvc39260. | |||||
| CVE-2017-10733 | 1 Irfanview | 1 Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpEnterCriticalSectionContended+0x0000000000000031." | |||||
| CVE-2017-14561 | 1 Stdutility | 1 Stdu Viewer | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause a denial of service via a crafted .xps file, related to an "Illegal Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d called from STDUXPSFile!DllUnregisterServer+0x0000000000025638." | |||||
| CVE-2017-5712 | 3 Asus, Intel, Siemens | 394 B150-a, B150-a Firmware, B150-plus and 391 more | 2025-04-20 | 9.0 HIGH | 7.2 HIGH |
| Buffer overflow in Active Management Technology (AMT) in Intel Manageability Engine Firmware 8.x/9.x/10.x/11.0/11.5/11.6/11.7/11.10/11.20 allows attacker with remote Admin access to the system to execute arbitrary code with AMT execution privilege. | |||||
| CVE-2017-13999 | 1 We-con | 1 Levi Studio Hmi Editor | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio HMI Editor v1.8.1 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified in which the application does not verify string size before copying to memory; the attacker may then be able to crash the application or run arbitrary code. | |||||
| CVE-2017-7965 | 1 Schneider-electric | 1 Somachine Hvac | 2025-04-20 | 4.6 MEDIUM | 7.3 HIGH |
| A buffer overflow vulnerability exists in Programming Software executable AlTracePrint.exe, in Schneider Electric's SoMachine HVAC v2.1.0 for Modicon M171/M172 Controller. | |||||
| CVE-2017-16372 | 1 Adobe | 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This issue is due to untrusted pointer dereference in the JavaScript API engine. In this scenario, the JavaScript input is crafted in way that the computation results with pointer to memory locations that do not belong to the relevant process address space. The dereferencing operation is a read operation, and an attack can result with sensitive data exposure. | |||||
| CVE-2017-5240 | 1 Rapid7 | 1 Appspider Pro | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a heap-based buffer overflow in the FLAnalyzer.exe component. A malicious or malformed Flash source file can cause a denial of service condition when parsed by this component, causing the application to crash. | |||||
| CVE-2017-0235 | 1 Microsoft | 1 Edge | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238. | |||||
| CVE-2017-8821 | 2 Debian, Tor Project | 2 Debian Linux, Tor | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 before 0.2.9.14, 0.3.0 before 0.3.0.13, and 0.3.1 before 0.3.1.9, an attacker can cause a denial of service (application hang) via crafted PEM input that signifies a public key requiring a password, which triggers an attempt by the OpenSSL library to ask the user for the password, aka TROVE-2017-011. | |||||
| CVE-2017-9706 | 1 Google | 1 Android | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, an array out-of-bounds access can potentially occur in a display driver. | |||||
| CVE-2017-14271 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 allows attackers to execute arbitrary code or cause a denial of service via a crafted .jb2 file, related to a "User Mode Write AV starting at ntdll_77400000!RtlImpersonateSelfEx+0x000000000000024e." | |||||
| CVE-2017-0477 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-33621647. | |||||
| CVE-2017-15746 | 1 Irfanview | 2 Cadimage, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .dwg file, related to "Data from Faulting Address controls Branch Selection starting at CADIMAGE+0x00000000003d21b3." | |||||
| CVE-2017-6035 | 1 We-con | 1 Levi Studio Hmi Editor | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| A Stack-Based Buffer Overflow issue was discovered in Wecon Technologies LEVI Studio HMI Editor before 1.8.1. This vulnerability causes a buffer overflow, which could result in denial of service when a malicious project file is run on the system. | |||||
| CVE-2016-4292 | 1 Hancom | 1 Hancom Office 2014 | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a static size to allocate a heap buffer yet explicitly trust a size from the file when modifying data inside of it. Due to this, an aggressor can corrupt memory outside the bounds of this buffer which can lead to code execution under the context of the application. | |||||
| CVE-2017-9990 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||