Search Results (21034 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5210 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
CVE-2016-5209 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2016-9091 1 Bluecoat 2 Advanced Secure Gateway, Content Analysis System Software 2025-04-20 N/A
Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content Analysis System (CAS) 1.3 before 1.3.7.4 are susceptible to an OS command injection vulnerability. An authenticated malicious administrator can execute arbitrary OS commands with elevated system privileges.
CVE-2017-2886 1 Acdsee 1 Ultimate 2025-04-20 7.8 High
A memory corruption vulnerability exists in the .PSD parsing functionality of ACDSee Ultimate 10.0.0.292. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in potential code execution. An attacker can send a specific .PSD file to trigger this vulnerability.
CVE-2017-6867 1 Siemens 3 Simatic Wincc, Simatic Wincc \(tia Portal\), Simatic Wincc Runtime 2025-04-20 N/A
A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before Upd 11 and V7.4 before SP1), SIMATIC WinCC Runtime Professional (V13 before SP2 and V14 before SP1), SIMATIC WinCC (TIA Portal) Professional (V13 before SP2 and V14 before SP1) that could allow an authenticated, remote attacker who is member of the "administrators" group to crash services by sending specially crafted messages to the DCOM interface.
CVE-2016-9808 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2025-04-20 N/A
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
CVE-2017-16641 1 Cacti 1 Cacti 2025-04-20 N/A
lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.
CVE-2017-1000203 1 Cern 1 Root 2025-04-20 N/A
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
CVE-2017-3044 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 N/A
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the JPEG 2000 engine, related to image scaling. Successful exploitation could lead to arbitrary code execution.
CVE-2017-8051 1 Tenable 1 Appliance 2025-04-20 N/A
Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a flaw in the simpleupload.py script in the Web UI. Through the manipulation of the tns_appliance_session_user parameter, a remote attacker can inject arbitrary commands.
CVE-2017-1453 1 Ibm 1 Security Access Manager 9.0 Firmware 2025-04-20 N/A
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
CVE-2017-0608 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35400458. References: QC-CR#1098363.
CVE-2017-1000363 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 7.8 High
Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line.
CVE-2017-0684 1 Google 1 Android 2025-04-20 N/A
A elevation of privilege vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35421151.
CVE-2017-16417 1 Adobe 4 Acrobat, Acrobat Dc, Acrobat Reader and 1 more 2025-04-20 N/A
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer; the computation is a part of the font parsing module. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVE-2014-8389 1 Airlive 10 Bu-2015, Bu-2015 Firmware, Bu-3026 and 7 more 2025-04-20 N/A
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive POE-200CAM v2 with firmware LM.1.6.17.01 uses hard-coded credentials in the embedded Boa web server, which allows remote attackers to obtain user credentials via crafted HTTP requests.
CVE-2017-6309 2 Debian, Tnef Project 2 Debian Linux, Tnef 2025-04-20 N/A
An issue was discovered in tnef before 1.4.13. Two type confusions have been identified in the parse_file() function. These might lead to invalid read and write operations, controlled by an attacker.
CVE-2016-10320 1 Textract Project 1 Textract 2025-04-20 N/A
textract before 1.5.0 allows OS Command Injection attacks via a filename in a call to the process function. This may be a remote attack if a web application accepts names of arbitrary uploaded files.
CVE-2017-6307 2 Debian, Tnef Project 2 Debian Linux, Tnef 2025-04-20 N/A
An issue was discovered in tnef before 1.4.13. Two OOB Writes have been identified in src/mapi_attr.c:mapi_attr_read(). These might lead to invalid read and write operations, controlled by an attacker.
CVE-2016-2050 1 Libdwarf Project 1 Libdwarf 2025-04-20 6.5 Medium
The get_abbrev_array_info function in libdwarf-20151114 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted elf file.