Total
13326 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2931 | 5 Adobe, Apple, Google and 2 more | 7 Flash Player, Mac Os X, Chrome Os and 4 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-11465 | 1 Ruby-lang | 1 Ruby | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. | |||||
| CVE-2016-2050 | 1 Libdwarf Project | 1 Libdwarf | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file. | |||||
| CVE-2016-6870 | 1 Facebook | 1 Hhvm | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, and (3) mb_detect_order functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors. | |||||
| CVE-2017-5029 | 7 Apple, Debian, Google and 4 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. | |||||
| CVE-2017-7865 | 2 Debian, Ffmpeg | 2 Debian Linux, Ffmpeg | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c. | |||||
| CVE-2017-8400 | 1 Swftools | 1 Swftools | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. | |||||
| CVE-2017-14411 | 1 Mp3gain | 1 Mp3gain | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow was discovered in copy_mp in interface.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | |||||
| CVE-2017-5842 | 1 Gstreamer Project | 1 Gstreamer | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. | |||||
| CVE-2017-16879 | 1 Gnu | 1 Ncurses | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the _nc_write_entry function in tinfo/write_entry.c in ncurses 6.0 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted terminfo file, as demonstrated by tic. | |||||
| CVE-2016-9054 | 1 Aerospike | 1 Database Server | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_list_by_set_binid resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability. | |||||
| CVE-2017-2992 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-3072 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-4924 | 1 Vmware | 3 Esxi, Fusion, Workstation Pro | 2025-04-20 | 7.2 HIGH | 8.8 HIGH |
| VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation (12.x before 12.5.7) and Fusion (8.x before 8.5.8) contain an out-of-bounds write vulnerability in SVGA device. This issue may allow a guest to execute code on the host. | |||||
| CVE-2017-3074 | 6 Adobe, Apple, Google and 3 more | 11 Flash Player, Flash Player Desktop Runtime, Mac Os X and 8 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2015-7504 | 3 Debian, Qemu, Xen | 3 Debian Linux, Qemu, Xen | 2025-04-20 | 4.6 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | |||||
| CVE-2017-10979 | 1 Freeradius | 1 Freeradius | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows "Write overflow in rad_coalesce()" - this allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code. | |||||
| CVE-2017-8272 | 1 Google | 1 Android | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properly validated potentially leading to an out of bounds heap write. | |||||
| CVE-2017-12459 | 1 Gnu | 1 Binutils | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29 and earlier, allows remote attackers to cause an out of bounds heap write and possibly achieve code execution via a crafted mach-o file. | |||||
| CVE-2017-2991 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. | |||||