Export limit exceeded: 21035 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21035 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12243 | 1 Cisco | 9 Firepower 4100 Next-generation Firewall Firmware, Firepower 4110 Next-generation Firewall, Firepower 4120 Next-generation Firewall and 6 more | 2025-04-20 | N/A |
| A vulnerability in the Cisco Unified Computing System (UCS) Manager, Cisco Firepower 4100 Series Next-Generation Firewall (NGFW), and Cisco Firepower 9300 Security Appliance could allow an authenticated, local attacker to obtain root shell privileges on the device, aka Command Injection. The vulnerability is due to improper validation of string input in the shell application. An attacker could exploit this vulnerability through the use of malicious commands. A successful exploit could allow the attacker to obtain root shell privileges on the device. Cisco Bug IDs: CSCvf20741, CSCvf60078. | ||||
| CVE-2017-9445 | 1 Systemd Project | 1 Systemd | 2025-04-20 | 7.5 High |
| In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it. | ||||
| CVE-2017-12636 | 1 Apache | 1 Couchdb | 2025-04-20 | N/A |
| CouchDB administrative users can configure the database server via HTTP(S). Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitrary shell commands as the CouchDB user, including downloading and executing scripts from the public internet. | ||||
| CVE-2017-14405 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2025-04-20 | N/A |
| The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote command execution via shell metacharacters in a hosts_cacti array parameter to module/admin_device/index.php. | ||||
| CVE-2017-14409 | 1 Mp3gain | 1 Mp3gain | 2025-04-20 | N/A |
| A buffer overflow was discovered in III_dequantize_sample in layer3.c in mpglibDBL, as used in MP3Gain version 1.5.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | ||||
| CVE-2017-8400 | 1 Swftools | 1 Swftools | 2025-04-20 | N/A |
| In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the function png_load() in lib/png.c:755. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS; it might cause arbitrary code execution. | ||||
| CVE-2017-14648 | 1 Bladeenc | 1 Bladeenc | 2025-04-20 | 9.8 Critical |
| A global buffer overflow was discovered in the iteration_loop function in loop.c in BladeEnc version 0.94.2. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | ||||
| CVE-2017-17785 | 3 Canonical, Debian, Gimp | 3 Ubuntu Linux, Debian Linux, Gimp | 2025-04-20 | 7.8 High |
| In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. | ||||
| CVE-2017-14647 | 1 Bento4 | 1 Bento4 | 2025-04-20 | N/A |
| A heap-based buffer overflow was discovered in AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | ||||
| CVE-2017-14644 | 1 Bento4 | 1 Bento4 | 2025-04-20 | N/A |
| A heap-based buffer overflow was discovered in the AP4_HdlrAtom class in Bento4 1.5.0-617. The vulnerability causes an out-of-bounds write, which leads to remote denial of service or possibly code execution. | ||||
| CVE-2017-5461 | 2 Mozilla, Redhat | 7 Network Security Services, Enterprise Linux, Rhel Aus and 4 more | 2025-04-20 | N/A |
| Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through 3.28.x before 3.28.4, 3.29.x before 3.29.5, and 3.30.x before 3.30.1 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by leveraging incorrect base64 operations. | ||||
| CVE-2017-7523 | 1 Cygwin | 1 Cygwin | 2025-04-20 | N/A |
| Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to buffer overflow vulnerability in wcsxfrm/wcsxfrm_l functions resulting into denial-of-service by crashing the process or potential hijack of the process running with administrative privileges triggered by specially crafted input string. | ||||
| CVE-2017-5849 | 2 Fedoraproject, Netpbm Project | 2 Fedora, Netpbm | 2025-04-20 | N/A |
| tiffttopnm in netpbm 10.47.63 does not properly use the libtiff TIFFRGBAImageGet function, which allows remote attackers to cause a denial of service (out-of-bounds read and write) via a crafted tiff image file, related to transposing width and height values. | ||||
| CVE-2017-5884 | 3 Fedoraproject, Gnome, Redhat | 3 Fedora, Gtk-vnc, Enterprise Linux | 2025-04-20 | N/A |
| gtk-vnc before 0.7.0 does not properly check boundaries of subrectangle-containing tiles, which allows remote servers to execute arbitrary code via the src x, y coordinates in a crafted (1) rre, (2) hextile, or (3) copyrect tile. | ||||
| CVE-2017-7690 | 1 Proxifier | 1 Proxifier | 2025-04-20 | 7.8 High |
| Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program. | ||||
| CVE-2017-6398 | 1 Trendmicro | 1 Interscan Messaging Security Virtual Appliance | 2025-04-20 | N/A |
| An issue was discovered in Trend Micro InterScan Messaging Security (Virtual Appliance) 9.1-1600. An authenticated user can execute a terminal command in the context of the web server user (which is root). Besides, the default installation of IMSVA comes with default administrator credentials. The saveCert.imss endpoint takes several user inputs and performs blacklisting. After that, it uses them as arguments to a predefined operating-system command without proper sanitization. However, because of an improper blacklisting rule, it's possible to inject arbitrary commands into it. | ||||
| CVE-2017-7864 | 1 Freetype | 1 Freetype | 2025-04-20 | N/A |
| FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tt_size_reset function in truetype/ttobjs.c. | ||||
| CVE-2016-9808 | 2 Gstreamer, Redhat | 2 Gstreamer, Enterprise Linux | 2025-04-20 | N/A |
| The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs. | ||||
| CVE-2017-11654 | 1 Sipcrack Project | 1 Sipcrack | 2025-04-20 | 5.9 Medium |
| An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic. | ||||
| CVE-2017-7413 | 1 Horde | 1 Groupware | 2025-04-20 | N/A |
| In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition through 5.2.17, OS Command Injection can occur if the attacker is an authenticated Horde Webmail user, has PGP features enabled in their preferences, and attempts to encrypt an email addressed to a maliciously crafted email address. | ||||