Export limit exceeded: 347679 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15541 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15541 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-12785 | 1 Noviflow | 1 Noviware | 2025-04-20 | N/A |
| The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection. | ||||
| CVE-2017-12786 | 1 Noviflow | 1 Noviware | 2025-04-20 | N/A |
| Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data. | ||||
| CVE-2017-12787 | 1 Noviflow | 1 Noviware | 2025-04-20 | N/A |
| A network interface of the novi_process_manager_daemon service, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because incoming packet data can contain embedded OS commands, and can also trigger a stack-based buffer overflow. | ||||
| CVE-2017-2797 | 1 Marklogic | 1 Marklogic | 2025-04-20 | N/A |
| An exploitable heap overflow vulnerability exists in the ParseEnvironment functionality of AntennaHouse DMC HTMLFilter as used by MarkLogic 8.0-6. | ||||
| CVE-2017-6753 | 1 Cisco | 20 Webex Event Center, Webex Meeting Center, Webex Meetings and 17 more | 2025-04-20 | N/A |
| A vulnerability in Cisco WebEx browser extensions for Google Chrome and Mozilla Firefox could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system. This vulnerability affects the browser extensions for Cisco WebEx Meetings Server, Cisco WebEx Centers (Meeting Center, Event Center, Training Center, and Support Center), and Cisco WebEx Meetings when they are running on Microsoft Windows. The vulnerability is due to a design defect in the extension. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser. The following versions of the Cisco WebEx browser extensions are affected: Versions prior to 1.0.12 of the Cisco WebEx extension on Google Chrome, Versions prior to 1.0.12 of the Cisco WebEx extension on Mozilla Firefox. Cisco Bug IDs: CSCvf15012 CSCvf15020 CSCvf15030 CSCvf15033 CSCvf15036 CSCvf15037. | ||||
| CVE-2016-9844 | 1 Unzip Project | 1 Unzip | 2025-04-20 | N/A |
| Buffer overflow in the zi_short function in zipinfo.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via a large compression method value in the central directory file header. | ||||
| CVE-2017-6892 | 1 Libsndfile Project | 1 Libsndfile | 2025-04-20 | N/A |
| In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" function (aiff.c) can be exploited to cause an out-of-bounds read memory access via a specially crafted AIFF file. | ||||
| CVE-2017-9775 | 3 Debian, Freedesktop, Redhat | 9 Debian Linux, Poppler, Enterprise Linux and 6 more | 2025-04-20 | N/A |
| Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before 0.56 allows remote attackers to cause a denial of service (application crash) via a crafted PDF document. | ||||
| CVE-2017-9502 | 1 Haxx | 1 Curl | 2025-04-20 | N/A |
| In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string "file://"). | ||||
| CVE-2017-3004 | 2 Adobe, Microsoft | 2 Photoshop Cc, Windows | 2025-04-20 | N/A |
| Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 (17.0.1) and earlier have a memory corruption vulnerability when parsing malicious PCX files. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-3017 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-20 | N/A |
| Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability when handling a malformed PDF file. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-9433 | 1 Libmwaw Project | 1 Libmwaw | 2025-04-20 | N/A |
| Document Liberation Project libmwaw before 2017-04-08 has an out-of-bounds write caused by a heap-based buffer overflow related to the MsWrd1Parser::readFootnoteCorrespondance function in lib/MsWrd1Parser.cxx. | ||||
| CVE-2017-9430 | 1 Dnstracer Project | 1 Dnstracer | 2025-04-20 | N/A |
| Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string. | ||||
| CVE-2017-9412 | 1 Lame Project | 1 Lame | 2025-04-20 | N/A |
| The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file. | ||||
| CVE-2017-9372 | 1 Digium | 2 Certified Asterisk, Open Source | 2025-04-20 | N/A |
| PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x before 14.4.1, Certified Asterisk 13.13 before 13.13-cert4, and other products, allows remote attackers to cause a denial of service (buffer overflow and application crash) via a SIP packet with a crafted CSeq header in conjunction with a Via header that lacks a branch parameter. | ||||
| CVE-2017-9351 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-bootp.c by extracting the Vendor Class Identifier more carefully. | ||||
| CVE-2017-9348 | 1 Wireshark | 1 Wireshark | 2025-04-20 | N/A |
| In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end of a buffer. This was addressed in epan/dissectors/packet-dof.c by validating a size value. | ||||
| CVE-2017-8927 | 1 Cgmlarson | 1 Vizex Reader | 2025-04-20 | 7.8 High |
| Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. | ||||
| CVE-2017-8926 | 1 Halliburton | 1 Logview Pro | 2025-04-20 | N/A |
| Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .tif file. | ||||
| CVE-2017-8893 | 1 Aeroadmin | 1 Aeroadmin | 2025-04-20 | N/A |
| AeroAdmin 4.1 uses a function to copy data between two pointers where the size of the data copied is taken directly from a network packet. This can cause a buffer overflow and denial of service. | ||||