Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-2545 | 1 Apple | 1 Mac Os X | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "IOGraphics" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-3094 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the PDF processing engine. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-6986 | 1 Apple | 1 Mac Os X | 2017-07-08 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2015-9025 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | |||||
| CVE-2017-9502 | 1 Haxx | 1 Curl | 2017-07-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). | |||||
| CVE-2017-6991 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-07-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-2526 | 1 Apple | 2 Iphone Os, Safari | 2017-07-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||||
| CVE-2017-3093 | 1 Adobe | 1 Digital Editions | 2017-07-08 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Digital Editions versions 4.5.4 and earlier have an exploitable memory corruption vulnerability in the bitmap representation module. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2017-2543 | 1 Apple | 1 Mac Os X | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Multi-Touch" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-2548 | 1 Apple | 1 Mac Os X | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "WindowServer" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||||
| CVE-2017-0254 | 1 Microsoft | 7 Office, Office Compatibility Pack, Office Web Apps and 4 more | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Office for Mac 2011, Office for Mac 2016, Microsoft Office Web Apps 2010 SP2, Office Web Apps Server 2013 SP1, Word 2013 RT SP1, Word 2013 SP1, Word Automation Services on Microsoft SharePoint Server 2013 SP1, Office Word Viewer, SharePoint Enterprise Server 2016, and Word 2016 allow a remote code execution vulnerability when the software fails to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-0264 and CVE-2017-0265. | |||||
| CVE-2016-10340 | 1 Google | 1 Android | 2017-07-08 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, an integer underflow leading to buffer overflow vulnerability exists in a syscall handler. | |||||
| CVE-2017-10725 | 1 Winamp | 1 Winamp | 2017-07-07 | 4.4 MEDIUM | 7.3 HIGH |
| Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code or cause a denial of service via a crafted .flv file, related to "Data from Faulting Address controls Code Flow starting at in_flv!winampGetInModule2+0x00000000000009a8." | |||||
| CVE-2017-10706 | 1 Antiy | 1 Antivirus Engine | 2017-07-07 | 2.1 LOW | 6.2 MEDIUM |
| When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP archive, it crashes with a stack-based buffer overflow because a fixed path length is used. | |||||
| CVE-2017-8893 | 1 Aeroadmin | 1 Aeroadmin | 2017-07-07 | 5.0 MEDIUM | 7.5 HIGH |
| AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. | |||||
| CVE-2017-1105 | 3 Ibm, Linux, Microsoft | 8 Data Server Client, Data Server Driver For Odbc And Cli, Data Server Driver Package and 5 more | 2017-07-07 | 3.6 LOW | 7.1 HIGH |
| IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a buffer overflow that could allow a local user to overwrite DB2 files or cause a denial of service. IBM X-Force ID: 120668. | |||||
| CVE-2017-1310 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-07 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Informix Dynamic Server 12.1 could allow an authenticated user to cause a buffer overflow that would write large assertion fail files to the server. Done enough times, this could use large parts of the file system and cause the server to crash. IBM X-Force ID: 125569. | |||||
| CVE-2017-1000377 | 1 Linux | 1 Linux Kernel | 2017-07-05 | 4.6 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). | |||||
| CVE-2017-9763 | 1 Radare | 1 Radare2 | 2017-07-05 | 5.0 MEDIUM | 7.5 HIGH |
| The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before 2013-11-12, as used in shlr/grub/fs/ext2.c in radare2 1.5.0, allows remote attackers to cause a denial of service (excessive stack use and application crash) via a crafted binary file, related to use of a variable-size stack array. | |||||
| CVE-2017-9990 | 1 Ffmpeg | 1 Ffmpeg | 2017-07-05 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the color_string_to_rgba function in libavcodec/xpmdec.c in FFmpeg 3.3 before 3.3.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted file. | |||||