Export limit exceeded: 14205 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14205 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-11628 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-20 | N/A |
| In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. | ||||
| CVE-2017-11697 | 1 Mozilla | 1 Network Security Services | 2025-04-20 | N/A |
| The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file. | ||||
| CVE-2017-11695 | 1 Mozilla | 1 Network Security Services | 2025-04-20 | N/A |
| Heap-based buffer overflow in the alloc_segs function in lib/dbm/src/hash.c in Mozilla Network Security Services (NSS) allows context-dependent attackers to have unspecified impact using a crafted cert8.db file. | ||||
| CVE-2017-2444 | 1 Apple | 4 Iphone Os, Safari, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreGraphics" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | ||||
| CVE-2017-16827 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file. | ||||
| CVE-2017-12799 | 1 Gnu | 1 Binutils | 2025-04-20 | N/A |
| The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted binary file. | ||||
| CVE-2017-11640 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | N/A |
| When ImageMagick 7.0.6-1 processes a crafted file in convert, it can lead to an address access exception in the WritePTIFImage() function in coders/tiff.c. | ||||
| CVE-2017-2435 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "CoreText" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file. | ||||
| CVE-2017-2432 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "ImageIO" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG file. | ||||
| CVE-2017-7163 | 1 Apple | 1 Mac Os X | 2025-04-20 | N/A |
| An issue was discovered in certain Apple products. macOS before 10.13.2 is affected. The issue involves the "Intel Graphics Driver" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2017-14033 | 2 Redhat, Ruby-lang | 3 Enterprise Linux, Rhel Software Collections, Ruby | 2025-04-20 | N/A |
| The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows attackers to cause a denial of service (interpreter crash) via a crafted string. | ||||
| CVE-2017-14064 | 4 Canonical, Debian, Redhat and 1 more | 11 Ubuntu Linux, Debian Linux, Enterprise Linux and 8 more | 2025-04-20 | N/A |
| Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can expose arbitrary memory during a JSON.generate call. The issues lies in using strdup in ext/json/ext/generator/generator.c, which will stop after encountering a '\0' byte, returning a pointer to a string of length zero, which is not the length stored in space_len. | ||||
| CVE-2017-14492 | 5 Canonical, Debian, Novell and 2 more | 9 Ubuntu Linux, Debian Linux, Leap and 6 more | 2025-04-20 | N/A |
| Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request. | ||||
| CVE-2017-14497 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-20 | 7.8 High |
| The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel before 4.13 mishandles vnet headers, which might allow local users to cause a denial of service (buffer overflow, and disk and memory corruption) or possibly have unspecified other impact via crafted system calls. | ||||
| CVE-2017-0476 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in AOSP Messaging could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as High due to the possibility of remote code execution within the context of an unprivileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33388925. | ||||
| CVE-2017-16931 | 1 Xmlsoft | 1 Libxml2 | 2025-04-20 | N/A |
| parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. | ||||
| CVE-2017-0472 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33862021. | ||||
| CVE-2016-6808 | 2 Apache, Redhat | 2 Tomcat Jk Connector, Jboss Core Services | 2025-04-20 | N/A |
| Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. | ||||
| CVE-2017-0470 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33818500. | ||||
| CVE-2017-0469 | 1 Google | 1 Android | 2025-04-20 | N/A |
| A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33450635. | ||||