Vulnerabilities (CVE)

Filtered by CWE-119
Total 12273 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-7555 1 Augeas 1 Augeas 2025-04-20 7.5 HIGH 9.8 CRITICAL
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
CVE-2016-7606 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-10734 1 Irfanview 1 Irfanview 2025-04-20 6.8 MEDIUM 7.8 HIGH
IrfanView version 4.44 (32bit) might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to an "Invalid Handle starting at wow64!Wow64NotifyDebugger+0x000000000000001d."
CVE-2017-7014 1 Apple 1 Mac Os X 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-7044 1 Apple 1 Mac Os X 2025-04-20 9.3 HIGH 7.8 HIGH
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
CVE-2017-11674 1 Acunetix 1 Web Vulnerability Scanner 2025-04-20 4.3 MEDIUM 5.5 MEDIUM
Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application crash) via a malformed PRE file, related to a "Read Access Violation starting at reporter!madTraceProcess."
CVE-2017-11764 1 Microsoft 3 Edge, Windows 10, Windows Server 2016 2025-04-20 7.6 HIGH 7.5 HIGH
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8738, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, and CVE-2017-8756.
CVE-2017-5112 2 Google, Microsoft 2 Chrome, Windows 2025-04-20 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 for Windows allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.
CVE-2017-11243 3 Adobe, Apple, Microsoft 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more 2025-04-20 4.3 MEDIUM 6.5 MEDIUM
Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the XSLT engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-9163 1 Autotrace Project 1 Autotrace 2025-04-20 7.5 HIGH 9.8 CRITICAL
libautotrace.a in AutoTrace 0.31.1 has a "cannot be represented in type int" issue in pxl-outline.c:106:54.
CVE-2017-12707 1 Spidercontrol 1 Scada Microbrowser 2025-04-20 7.5 HIGH 9.8 CRITICAL
A Stack-based Buffer Overflow issue was discovered in SpiderControl SCADA MicroBrowser Versions 1.6.30.144 and prior. Opening a maliciously crafted html file may cause a stack overflow.
CVE-2017-10781 2 Microsoft, Xnview 2 Windows, Xnview 2025-04-20 4.6 MEDIUM 7.8 HIGH
XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!LdrpFindLoadedDllByName+0x00000000000000a5."
CVE-2015-2675 1 Gnome 1 Librest 2025-04-20 5.0 MEDIUM 7.5 HIGH
The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (application crash) via running the EnsureCredentials method from the org.gnome.OnlineAccounts.Account interface on an object representing a Flickr account.
CVE-2017-11345 1 Asuswrt-merlin Project 56 Rt-ac1200, Rt-ac1200 Firmware, Rt-ac3100 and 53 more 2025-04-20 6.8 MEDIUM 7.8 HIGH
Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response.
CVE-2017-14266 1 Broadcom 1 Tcpreplay 2025-04-20 6.8 MEDIUM 7.8 HIGH
tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow vulnerability triggered by a crafted PCAP file, a related issue to CVE-2016-6160.
CVE-2017-10869 1 Dena 1 H2o 2025-04-20 5.0 MEDIUM 7.5 HIGH
Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors.
CVE-2017-15787 2 Microsoft, Xnview 2 Windows, Xnview 2025-04-20 6.8 MEDIUM 7.8 HIGH
XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "Data Execution Prevention Violation starting at xnview+0x0000000000580063."
CVE-2017-6983 1 Apple 2 Iphone Os, Mac Os X 2025-04-20 6.8 MEDIUM 8.8 HIGH
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
CVE-2016-7986 1 Tcpdump 1 Tcpdump 2025-04-20 7.5 HIGH 9.8 CRITICAL
The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.
CVE-2017-3824 1 Cisco 2 Cbr-8 Converged Broadband Router, Ios Xe 2025-04-20 5.4 MEDIUM 6.8 MEDIUM
A vulnerability in the handling of list headers in Cisco cBR Series Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition. Cisco cBR-8 Converged Broadband Routers running vulnerable versions of Cisco IOS XE are affected. More Information: CSCux40637. Known Affected Releases: 15.5(3)S 15.6(1)S. Known Fixed Releases: 15.5(3)S2 15.6(1)S1 15.6(2)S 15.6(2)SP 16.4(1).