Export limit exceeded: 14223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43964 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-9176 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25. | ||||
| CVE-2017-9178 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11. | ||||
| CVE-2017-9181 | 1 Autotrace Project | 1 Autotrace | 2025-04-20 | N/A |
| libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c. | ||||
| CVE-2017-9203 | 1 Entropymine | 1 Imageworsener | 2025-04-20 | N/A |
| imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c. | ||||
| CVE-2017-9225 | 3 Oniguruma Project, Php, Ruby-lang | 3 Oniguruma, Php, Ruby | 2025-04-20 | N/A |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. | ||||
| CVE-2017-9226 | 3 Oniguruma Project, Php, Redhat | 3 Oniguruma, Php, Rhel Software Collections | 2025-04-20 | 9.8 Critical |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | ||||
| CVE-2017-9228 | 3 Oniguruma Project, Php, Redhat | 3 Oniguruma, Php, Rhel Software Collections | 2025-04-20 | 9.8 Critical |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption. | ||||
| CVE-2017-9242 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-20 | N/A |
| The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls. | ||||
| CVE-2017-9328 | 1 Terra-master | 1 Terramaster Operating System | 2025-04-20 | N/A |
| Shell metacharacter injection vulnerability in /usr/www/include/ajax/GetTest.php in TerraMaster TOS before 3.0.34 leads to remote code execution as root. | ||||
| CVE-2017-9377 | 1 Barco | 4 Clickshare Csc-1, Clickshare Csc-1 Firmware, Clickshare Csm-1 and 1 more | 2025-04-20 | N/A |
| A command injection was identified on Barco ClickShare Base Unit devices with CSM-1 firmware before 1.7.0.3 and CSC-1 firmware before 1.10.0.10. An attacker with access to the product's web API can exploit this vulnerability to completely compromise the vulnerable device. | ||||
| CVE-2017-9736 | 1 Spip | 1 Spip | 2025-04-20 | N/A |
| SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell metacharacters from the host field, allowing a remote attacker to cause remote code execution. | ||||
| CVE-2017-9757 | 1 Ipfire | 1 Ipfire | 2025-04-20 | N/A |
| IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via the OINKCODE parameter, which is mishandled by a shell. This can be exploited directly by authenticated users, or through CSRF. | ||||
| CVE-2017-9828 | 1 Vivotek | 6 Network Camera Fd8164, Network Camera Fd8164 Firmware, Network Camera Fd816ba and 3 more | 2025-04-20 | N/A |
| '/cgi-bin/admin/testserver.cgi' of the web service in most of the VIVOTEK Network Cameras is vulnerable to shell command injection, which allows remote attackers to execute any shell command as root via a crafted HTTP request. This vulnerability is already verified on VIVOTEK Network Camera IB8369/FD8164/FD816BA; most others have similar firmware that may be affected. An attack uses shell metacharacters in the senderemail parameter. | ||||
| CVE-2015-8666 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2025-04-20 | 7.9 High |
| Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | ||||
| CVE-2015-3431 | 1 Pydio | 1 Pydio | 2025-04-20 | N/A |
| Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | ||||
| CVE-2017-2933 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-2927 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-2925 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-9229 | 4 Oniguruma Project, Php, Redhat and 1 more | 4 Oniguruma, Php, Rhel Software Collections and 1 more | 2025-04-20 | 7.5 High |
| An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | ||||
| CVE-2017-2862 | 3 Debian, Gnome, Redhat | 3 Debian Linux, Gdk-pixbuf, Enterprise Linux | 2025-04-20 | 7.8 High |
| An exploitable heap overflow vulnerability exists in the gdk_pixbuf__jpeg_image_load_increment functionality of Gdk-Pixbuf 2.36.6. A specially crafted jpeg file can cause a heap overflow resulting in remote code execution. An attacker can send a file or url to trigger this vulnerability. | ||||