Export limit exceeded: 19664 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 21031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21031 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-2520 2 Apple, Debian 5 Iphone Os, Mac Os X, Tvos and 2 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a crafted SQL statement.
CVE-2017-2281 1 Iodata 2 Wn-ax1167gr, Wn-ax1167gr Firmware 2025-04-20 N/A
WN-AX1167GR firmware version 3.00 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
CVE-2017-17935 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-20 N/A
The File_read_line function in epan/wslua/wslua_file.c in Wireshark through 2.2.11 does not properly strip '\n' characters, which allows remote attackers to cause a denial of service (buffer underflow and application crash) via a crafted packet that triggers the attempted processing of an empty line.
CVE-2017-17105 1 Zivif 2 Pr115-204-p-rs, Pr115-204-p-rs Firmware 2025-04-20 N/A
Zivif PR115-204-P-RS V2.3.4.2103 and V4.7.4.2121 (and possibly in-between versions) web cameras are vulnerable to unauthenticated, blind remote command injection via CGI scripts used as part of the web interface, as demonstrated by a cgi-bin/iptest.cgi?cmd=iptest.cgi&-time="1504225666237"&-url=$(reboot) request.
CVE-2017-17055 1 Articatech 1 Artica Proxy 2025-04-20 N/A
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
CVE-2017-16996 2 Debian, Linux 2 Debian Linux, Linux Kernel 2025-04-20 7.8 High
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.
CVE-2017-16958 1 Tp-link 108 Tl-er3210g, Tl-er3210g Firmware, Tl-er3220g and 105 more 2025-04-20 N/A
TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the t_bindif field of an admin/bridge command to cgi-bin/luci, related to the get_device_byif function in /usr/lib/lua/luci/controller/admin/bridge.lua in uhttpd.
CVE-2017-16926 1 Ohcount Project 1 Ohcount 2025-04-20 N/A
Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.
CVE-2017-15103 2 Heketi Project, Redhat 3 Heketi, Enterprise Linux, Storage 2025-04-20 N/A
A security-check flaw was found in the way the Heketi 5 server API handled user requests. An authenticated Heketi user could send specially crafted requests to the Heketi server, resulting in remote command execution as the user running Heketi server and possibly privilege escalation.
CVE-2017-15049 1 Zoom 1 Zoom 2025-04-20 8.8 High
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.
CVE-2017-1453 1 Ibm 1 Security Access Manager 9.0 Firmware 2025-04-20 N/A
IBM Security Access Manager Appliance 9.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 128372.
CVE-2017-13739 1 Liblouis 1 Liblouis 2025-04-20 N/A
There is a heap-based buffer overflow that causes a more than two thousand bytes out-of-bounds write in Liblouis 3.2.0, triggered in the function resolveSubtable() in compileTranslationTable.c. It will lead to denial of service or remote code execution.
CVE-2017-13713 1 Twsz 2 Wifi Repeater, Wifi Repeater Firmware 2025-04-20 N/A
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
CVE-2017-12608 2 Apache, Debian 2 Openoffice, Debian Linux 2025-04-20 7.8 High
A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution.
CVE-2017-12606 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 8.8 High
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow4 in utils.cpp when reading an image file by using cv::imread.
CVE-2017-12605 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 8.8 High
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillColorRow8 function in utils.cpp when reading an image file by using cv::imread.
CVE-2017-12604 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 8.8 High
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the FillUniColor function in utils.cpp when reading an image file by using cv::imread.
CVE-2017-12603 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 8.8 High
OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid write in the cv::RLByteStream::getBytes function in modules/imgcodecs/src/bitstrm.cpp when reading an image file by using cv::imread, as demonstrated by the 2-opencv-heapoverflow-fseek test case.
CVE-2017-12597 2 Debian, Opencv 2 Debian Linux, Opencv 2025-04-20 8.8 High
OpenCV (Open Source Computer Vision Library) through 3.3 has an out-of-bounds write error in the function FillColorRow1 in utils.cpp when reading an image file by using cv::imread.
CVE-2017-12581 1 Electron 1 Electron 2025-04-20 N/A
GitHub Electron before 1.6.8 allows remote command execution because of a nodeIntegration bypass vulnerability. This also affects all applications that bundle Electron code equivalent to 1.6.8 or earlier. Bypassing the Same Origin Policy (SOP) is a precondition; however, recent Electron versions do not have strict SOP enforcement. Combining an SOP bypass with a privileged URL internally used by Electron, it was possible to execute native Node.js primitives in order to run OS commands on the user's host. Specifically, a chrome-devtools://devtools/bundled/inspector.html window could be used to eval a Node.js child_process.execFile API call.