Export limit exceeded: 26285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363781 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (15475 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-3077 6 Adobe, Apple, Google and 3 more 8 Flash Player, Mac Os X, Chrome Os and 5 more 2025-04-20 N/A
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable memory corruption vulnerability in the PNG image parser. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3106 6 Adobe, Apple, Google and 3 more 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more 2025-04-20 8.8 High
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3544 4 Debian, Google, Oracle and 1 more 17 Debian Linux, Android, Jdk and 14 more 2025-04-20 N/A
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2017-3750 2 Google, Lenovo 21 Android, Vibe A1600, Vibe A2560 and 18 more 2025-04-20 N/A
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749.
CVE-2017-5006 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-5007 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-5008 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-5009 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5010 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, resolved promises in an inappropriate context, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2017-5011 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Google Chrome prior to 56.0.2924.76 for Windows insufficiently sanitized DevTools URLs, which allowed a remote attacker who convinced a user to install a malicious extension to read filesystem contents via a crafted HTML page.
CVE-2017-5012 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5027 1 Google 1 Chrome 2025-04-20 N/A
Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to properly enforce unsafe-inline content security policy, which allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2017-5029 7 Apple, Debian, Google and 4 more 11 Macos, Debian Linux, Android and 8 more 2025-04-20 8.8 High
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
CVE-2017-5052 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2025-04-20 8.8 High
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.
CVE-2017-5053 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2025-04-20 9.6 Critical
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page, related to Array.prototype.indexOf.
CVE-2017-5054 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2025-04-20 8.8 High
An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to obtain heap memory contents via a crafted HTML page.
CVE-2017-5050 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2025-04-20 N/A
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
CVE-2017-5051 4 Apple, Google, Linux and 1 more 5 Macos, Android, Chrome and 2 more 2025-04-20 N/A
An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to perform an out of bounds memory write via a crafted video file, related to ChunkDemuxer.
CVE-2017-5067 5 Apple, Google, Linux and 2 more 8 Macos, Chrome, Linux Kernel and 5 more 2025-04-20 6.5 Medium
An insufficient watchdog timer in navigation in Google Chrome prior to 58.0.3029.81 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
CVE-2017-5068 5 Apple, Google, Linux and 2 more 8 Macos, Chrome, Linux Kernel and 5 more 2025-04-20 7.5 High
Incorrect handling of picture ID in WebRTC in Google Chrome prior to 58.0.3029.96 for Mac, Windows, and Linux allowed a remote attacker to trigger a race condition via a crafted HTML page.