Search Results (26990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-14445 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the host parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
CVE-2017-14444 1 Insteon 2 Hub, Hub Firmware 2024-11-21 9.9 Critical
An exploitable buffer overflow vulnerability exists in Insteon Hub running firmware version 1012. The HTTP server implementation incorrectly handles the URL parameter during a firmware update request, leading to a buffer overflow on a global section. An attacker can send an HTTP GET request to trigger this vulnerability.
CVE-2017-11308 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-11307 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-11306 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-11253 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-11250 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-11240 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2024-11-21 9.8 Critical
Adobe Acrobat and Reader versions 2017.012.20098 and earlier, 2017.011.30066 and earlier, 2015.006.30355 and earlier, 11.0.22 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
CVE-2017-10992 1 Hp 1 Storage Essentials 2024-11-21 9.8 Critical
In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Deserialization with remote code execution via OS commands in a request to invoker/JMXInvokerServlet, aka PSRT110461.
CVE-2017-1002157 1 Redhat 1 Modulemd 2024-11-21 9.8 Critical
modulemd 1.3.1 and earlier uses an unsafe function for processing externally provided data, leading to remote code execution.
CVE-2017-1000497 1 Pepperminty-wiki Project 1 Pepperminty-wiki 2024-11-21 9.8 Critical
Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the getsvgsize function resulting in denial of service and possibly remote code execution
CVE-2017-1000487 3 Codehaus-plexus, Debian, Redhat 4 Plexus-utils, Debian Linux, Jboss Amq and 1 more 2024-11-21 9.8 Critical
Plexus-utils before 3.0.16 is vulnerable to command injection because it does not correctly process the contents of double quoted strings.
CVE-2017-0359 2 Debian, Reproducible Builds 2 Debian Linux, Diffoscope 2024-11-21 9.8 Critical
diffoscope before 77 writes to arbitrary locations on disk based on the contents of an untrusted archive.
CVE-2016-9652 2 Google, Redhat 2 Chrome, Rhel Extras 2024-11-21 9.8 Critical
Multiple unspecified vulnerabilities in Google Chrome before 55.0.2883.75.
CVE-2016-9063 3 Debian, Mozilla, Python 3 Debian Linux, Firefox, Python 2024-11-21 9.8 Critical
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
CVE-2016-9026 1 Exponentcms 1 Exponent Cms 2024-11-21 9.8 Critical
Exponent CMS before 2.6.0 has improper input validation in fileController.php.
CVE-2016-9025 1 Exponentcms 1 Exponent Cms 2024-11-21 9.8 Critical
Exponent CMS before 2.6.0 has improper input validation in purchaseOrderController.php.
CVE-2016-9023 1 Exponentcms 1 Exponent Cms 2024-11-21 9.8 Critical
Exponent CMS before 2.6.0 has improper input validation in cron/find_help.php.
CVE-2016-9022 1 Exponentcms 1 Exponent Cms 2024-11-21 9.8 Critical
Exponent CMS before 2.6.0 has improper input validation in usersController.php.
CVE-2016-9021 1 Exponentcms 1 Exponent Cms 2024-11-21 9.8 Critical
Exponent CMS before 2.6.0 has improper input validation in storeController.php.