Total
12850 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11281 | 6 Adobe, Apple, Google and 3 more | 10 Flash Player, Macos, Chrome Os and 7 more | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier. | |||||
| CVE-2017-9170 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in the ReadImage function in input-bmp.c:370:25. | |||||
| CVE-2017-10869 | 1 Dena | 1 H2o | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in H2O version 2.2.2 and earlier allows remote attackers to cause a denial-of-service in the server via unspecified vectors. | |||||
| CVE-2017-8854 | 1 Wolfssl | 1 Wolfssl | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| wolfSSL before 3.10.2 has an out-of-bounds memory access with loading crafted DH parameters, aka a buffer overflow triggered by a malformed temporary DH file. | |||||
| CVE-2017-13733 | 1 Gnu | 1 Ncurses | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack. | |||||
| CVE-2016-8701 | 1 Potrace Project | 1 Potrace | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 allows remote attackers to have unspecified impact via a crafted BMP image, a different vulnerability than CVE-2016-8698, CVE-2016-8699, CVE-2016-8700, CVE-2016-8702, and CVE-2016-8703. | |||||
| CVE-2017-10925 | 1 Irfanview | 2 Fpx, Irfanview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .fpx file, related to "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FPX!FPX_GetScanDevicePropertyGroup+0x000000000000b3ae." | |||||
| CVE-2017-15782 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.43 allows attackers to execute arbitrary code or cause a denial of service via a crafted .dwg file, related to a "User Mode Write AV starting at CADImage+0x00000000000032eb." | |||||
| CVE-2017-14308 | 1 Stdutility | 1 Stdu Viewer | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| STDU Viewer 1.6.375 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .jb2 file, related to a "Read Access Violation starting at STDUJBIG2File!DllUnregisterServer+0x0000000000006ddd." | |||||
| CVE-2017-10772 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!memcmp+0x0000000000000018" (with RPC initialization). | |||||
| CVE-2017-2431 | 1 Apple | 1 Mac Os X | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.4 is affected. The issue involves the "CoreMedia" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted .mov file. | |||||
| CVE-2017-7741 | 1 Libsndfile Project | 1 Libsndfile | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libsndfile before 1.0.28, an error in the "flac_buffer_copy()" function (flac.c) can be exploited to cause a segmentation violation (with write memory access) via a specially crafted FLAC file during a resample attempt, a similar issue to CVE-2017-7585. | |||||
| CVE-2017-10757 | 2 Microsoft, Xnview | 2 Windows, Xnview | 2025-04-20 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic for Windows Version 2.40 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted .rle file, related to "Data from Faulting Address controls Branch Selection starting at ntdll_77df0000!RtlpCoalesceFreeBlocks+0x00000000000001b6." | |||||
| CVE-2016-10221 | 1 Artifex | 1 Mupdf | 2025-04-20 | 4.3 MEDIUM | 4.3 MEDIUM |
| The count_entries function in pdf-layer.c in Artifex Software, Inc. MuPDF 1.10a allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted PDF document. | |||||
| CVE-2017-11214 | 3 Adobe, Apple, Microsoft | 7 Acrobat, Acrobat Dc, Acrobat Reader and 4 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable memory corruption vulnerability in the image conversion engine when processing Enhanced Metafile Format (EMF) data related to rendering a path. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11908 | 1 Microsoft | 3 Chakracore, Edge, Windows 10 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | |||||
| CVE-2017-10602 | 1 Juniper | 1 Junos | 2025-04-20 | 7.2 HIGH | 7.0 HIGH |
| A buffer overflow vulnerability in Junos OS CLI may allow a local authenticated user with read only privileges and access to Junos CLI, to execute code with root privileges. Affected releases are Juniper Networks Junos OS: 14.1X53 versions prior to 14.1X53-D46 on EX2200/VC, EX3200, EX3300/VC, EX4200, EX4300, EX4550/VC, EX4600, EX6200, EX8200/VC (XRE), QFX3500, QFX3600, QFX5100; 14.1X53 versions prior to 14.1X53-D130 on QFabric System; 14.2 versions prior to 14.2R4-S9, 14.2R6; 15.1 versions prior to 15.1F5, 15.1R3; 15.1X49 versions prior to 15.1X49-D40 on SRX Series; 15.1X53 versions prior to 15.1X53-D47 on NFX150, NFX250; 15.1X53 versions prior to 15.1X53-D65 on QFX10000 Series; 15.1X53 versions prior to 15.1X53-D233 on QFX5110, QFX5200. | |||||
| CVE-2017-8738 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2016 | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8649, CVE-2017-8660, CVE-2017-8729, CVE-2017-8740, CVE-2017-8741, CVE-2017-8748, CVE-2017-8752, CVE-2017-8753, CVE-2017-8755, CVE-2017-8756, and CVE-2017-11764. | |||||
| CVE-2017-2935 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2016-10050 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.9.4-8 allows remote attackers to cause a denial of service (application crash) or have other unspecified impact via a crafted RLE file. | |||||