Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16018 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (16018 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-1000176 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| In SWFTools, a memcpy buffer overflow was found in swfc. | ||||
| CVE-2017-1000185 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| In SWFTools, a memcpy buffer overflow was found in gif2swf. | ||||
| CVE-2017-1000186 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| In SWFTools, a stack overflow was found in pdf2swf. | ||||
| CVE-2017-1000187 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| In SWFTools, an address access exception was found in pdf2swf. FoFiTrueType::writeTTF() | ||||
| CVE-2017-1000198 | 2 Redhat, Tcmu-runner Project | 2 Storage, Tcmu-runner | 2025-04-20 | N/A |
| tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service | ||||
| CVE-2017-1000206 | 1 Htslib | 1 Htslib | 2025-04-20 | N/A |
| samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution | ||||
| CVE-2017-1000210 | 1 Altran | 1 Picotcp | 2025-04-20 | N/A |
| picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer overflow resulting in code execution or denial of service attack | ||||
| CVE-2017-1000231 | 1 Nlnetlabs | 1 Ldns | 2025-04-20 | N/A |
| A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. | ||||
| CVE-2017-1000232 | 1 Nlnetlabs | 1 Ldns | 2025-04-20 | N/A |
| A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. | ||||
| CVE-2017-1000249 | 1 File Project | 1 File | 2025-04-20 | N/A |
| An issue in file() was introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). | ||||
| CVE-2017-1000254 | 2 Haxx, Redhat | 3 Libcurl, Jboss Core Services, Rhel Software Collections | 2025-04-20 | N/A |
| libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. | ||||
| CVE-2017-1000364 | 2 Linux, Redhat | 10 Linux Kernel, Container Development Kit, Enterprise Linux and 7 more | 2025-04-20 | N/A |
| An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010). | ||||
| CVE-2017-10295 | 4 Debian, Netapp, Oracle and 1 more | 34 Debian Linux, Active Iq Unified Manager, Cloud Backup and 31 more | 2025-04-20 | 4.0 Medium |
| Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u161, 7u151, 8u144 and 9; Java SE Embedded: 8u144; JRockit: R28.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Java SE, Java SE Embedded, JRockit. While the vulnerability is in Java SE, Java SE Embedded, JRockit, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N). | ||||
| CVE-2017-10997 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, using a debugfs node, a write to a PCIe register can cause corruption of kernel memory. | ||||
| CVE-2017-10998 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in audio_aio_ion_lookup_vaddr, the buffer length, which is user input, ends up being used to validate if the buffer is fully within the valid region. If the buffer length is large enough then the address + length operation could overflow and produce a result far below the valid region. | ||||
| CVE-2017-10999 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, concurrent calls into ioctl RMNET_IOCTL_ADD_MUX_CHANNEL in ipa wan driver may lead to memory corruption due to missing locks. | ||||
| CVE-2017-11000 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. | ||||
| CVE-2017-11007 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, there is a possibility of stack corruption due to buffer overflow of Partition name while converting ascii string to unicode string in function HandleMetaImgFlash. | ||||
| CVE-2017-11018 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, array access out of bounds may occur in the camera driver in the kernel | ||||
| CVE-2017-11017 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while flashing a specially crafted UBI image, it is possible to corrupt memory, or access uninitialized memory. | ||||