Export limit exceeded: 23259 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23259 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0594 1 Google 1 Android 2025-04-20 N/A
An elevation of privilege vulnerability in codecs/aacenc/SoftAACEncoder2.cpp in libstagefright in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34617444.
CVE-2017-0441 2 Google, Linux 2 Android, Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32872662. References: QC-CR#1095009.
CVE-2017-0306 1 Linux 1 Linux Kernel 2025-04-20 N/A
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-34132950. References: N-CVE-2017-0306.
CVE-2017-6883 2 Foxitsoftware, Microsoft 3 Foxit Reader, Phantompdf, Windows 2025-04-20 N/A
The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted TIFF image. The vulnerability could lead to information disclosure; an attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
CVE-2017-3032 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-20 N/A
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 code-stream parser.
CVE-2017-16548 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Rsync 2025-04-20 9.8 Critical
The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-development does not check for a trailing '\0' character in an xattr name, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly have unspecified other impact by sending crafted data to the daemon.
CVE-2016-7837 1 Bluez 1 Bluez 2025-04-20 N/A
Buffer overflow in BlueZ 5.41 and earlier allows an attacker to execute arbitrary code via the parse_line function used in some userland utilities.
CVE-2017-0176 1 Microsoft 2 Windows Server 2003, Windows Xp 2025-04-20 N/A
A buffer overflow in Smart Card authentication code in gpkcsp.dll in Microsoft Windows XP through SP3 and Server 2003 through SP2 allows a remote attacker to execute arbitrary code on the target computer, provided that the computer is joined in a Windows domain and has Remote Desktop Protocol connectivity (or Terminal Services) enabled.
CVE-2017-14314 2 Debian, Graphicsmagick 2 Debian Linux, Graphicsmagick 2025-04-20 N/A
Off-by-one error in the DrawImage function in magick/render.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (DrawDashPolygon heap-based buffer over-read and application crash) via a crafted file.
CVE-2016-9959 4 Game-music-emu Project, Opensuse, Opensuse Project and 1 more 9 Game-music-emu, Leap, Opensuse and 6 more 2025-04-20 N/A
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2017-13765 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-20 N/A
In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM dissector has a buffer over-read and application crash. This was addressed in plugins/irda/packet-ircomm.c by adding length validation.
CVE-2017-15320 1 Huawei 10 Rp200, Rp200 Firmware, Te30 and 7 more 2025-04-20 N/A
RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, V600R006C00; TE40 V500R002C00, V600R006C00; TE50 V500R002C00, V600R006C00; TE60 V100R001C10, V500R002C00, V600R006C00 have an out-of-bounds read vulnerabilities in some Huawei products. Due to insufficient input validation, a remote attacker could exploit these vulnerabilities by sending specially crafted SS7 related packets to the target devices. Successful exploit will cause out-of-bounds read and possibly crash the system.
CVE-2016-9813 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2025-04-20 N/A
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-9810 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2025-04-20 N/A
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
CVE-2017-11753 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
The GetImageDepth function in MagickCore/attribute.c in ImageMagick 7.0.6-4 might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted Flexible Image Transport System (FITS) file.
CVE-2016-9773 1 Imagemagick 1 Imagemagick 2025-04-20 N/A
Heap-based buffer overflow in the IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick 7.0.3.8 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted image file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9556.
CVE-2017-11731 1 Libming 1 Ming 2025-04-20 N/A
An invalid memory read vulnerability was found in the function OpCode (called from isLogicalOp and decompileIF) in util/decompile.c in Ming 0.4.8, which allows attackers to cause a denial of service via a crafted file.
CVE-2017-11722 1 Graphicsmagick 1 Graphicsmagick 2025-04-20 N/A
The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file, because the program's actual control flow was inconsistent with its indentation. This resulted in a logging statement executing outside of a loop, and consequently using an invalid array index corresponding to the loop's exit condition.
CVE-2017-11654 1 Sipcrack Project 1 Sipcrack 2025-04-20 5.9 Medium
An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 processed SIP traffic, because 0x00 termination of a payload array was mishandled. A remote attacker could potentially use this flaw to crash the sipdump process by generating specially crafted SIP traffic.
CVE-2016-9637 2 Citrix, Redhat 2 Xenserver, Enterprise Linux 2025-04-20 N/A
The (1) ioport_read and (2) ioport_write functions in Xen, when qemu is used as a device model within Xen, might allow local x86 HVM guest OS administrators to gain qemu process privileges via vectors involving an out-of-range ioport access.