CWE-76 CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (127 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2019-11930	1 Facebook	1 Hhvm	2024-11-21	9.8 Critical
An invalid free in mb_detect_order can cause the application to crash or potentially result in remote code execution. This issue affects HHVM versions prior to 3.30.12, all versions between 4.0.0 and 4.8.5, all versions between 4.9.0 and 4.23.1, as well as 4.24.0, 4.25.0, 4.26.0, 4.27.0, 4.28.0, and 4.28.1.
CVE-2018-9557	1 Google	1 Android	2024-11-21	N/A
In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. Android ID: A-35385357.
CVE-2018-6836	1 Wireshark	1 Wireshark	2024-11-21	N/A
The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark through 2.4.4 performs a free operation on an uninitialized memory address, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-5552	1 Docutracinc	1 Dtisqlinstaller	2024-11-21	N/A
Versions of DocuTrac QuicDoc and Office Therapy that ship with DTISQLInstaller.exe version 1.6.4.0 and prior contains a hard-coded cryptographic salt, "S@l+&pepper".
CVE-2017-18075	3 Canonical, Linux, Redhat	3 Ubuntu Linux, Linux Kernel, Enterprise Linux	2024-11-21	7.8 High
crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls.
CVE-2016-8380	1 Phoenixcontact	2 Ilc Plcs, Ilc Plcs Firmware	2024-11-21	N/A
The web server in Phoenix Contact ILC PLCs allows access to read and write PLC variables without authentication.
CVE-2013-4695	1 Winamp	1 Winamp	2024-11-21	7.8 High
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution

« first previous Page 7 of 7.