Export limit exceeded: 26216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47019 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 19631 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 23499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 23499 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (23499 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-5042 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 5.7 Medium
Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent.
CVE-2017-5038 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 6.3 Medium
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
CVE-2017-5036 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 7.8 High
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file.
CVE-2017-10784 2 Redhat, Ruby-lang 3 Enterprise Linux, Rhel Software Collections, Ruby 2025-04-20 N/A
The Basic authentication code in WEBrick library in Ruby before 2.2.8, 2.3.x before 2.3.5, and 2.4.x through 2.4.1 allows remote attackers to inject terminal emulator escape sequences into its log and possibly execute arbitrary commands via a crafted user name.
CVE-2017-3544 4 Debian, Google, Oracle and 1 more 17 Debian Linux, Android, Jdk and 14 more 2025-04-20 N/A
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SMTP to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS 3.0 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2017-3003 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-20 8.8 High
Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable use after free vulnerability related to an interaction between the privacy user interface and the ActionScript 2 Camera object. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2995 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-20 8.8 High
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable type confusion vulnerability related to the MessageChannel class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2934 6 Adobe, Apple, Google and 3 more 8 Flash Player, Mac Os X, Chrome Os and 5 more 2025-04-20 8.8 High
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2926 6 Adobe, Apple, Google and 3 more 8 Flash Player, Mac Os X, Chrome Os and 5 more 2025-04-20 8.8 High
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to processing of atoms in MP4 files. Successful exploitation could lead to arbitrary code execution.
CVE-2015-7529 3 Canonical, Redhat, Sos Project 9 Ubuntu Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-20 7.8 High
sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by sosreport-$hostname-$date.tar in /tmp/sosreport-$hostname-$date.
CVE-2015-7703 5 Debian, Netapp, Ntp and 2 more 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more 2025-04-20 7.5 High
The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, when ntpd is configured to allow remote configuration, allows remote attackers with an IP address that is allowed to send configuration requests, and with knowledge of the remote configuration password to write to arbitrary files via the :config command.
CVE-2017-0898 2 Redhat, Ruby-lang 3 Enterprise Linux, Rhel Software Collections, Ruby 2025-04-20 N/A
Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious format string which contains a precious specifier (*) with a huge minus value. Such situation can lead to a buffer overrun, resulting in a heap memory corruption or an information disclosure from the heap.
CVE-2017-3075 6 Adobe, Apple, Google and 3 more 8 Flash Player, Mac Os X, Chrome Os and 5 more 2025-04-20 N/A
Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable use after free vulnerability when manipulating the ActionsScript 2 XML class. Successful exploitation could lead to arbitrary code execution.
CVE-2016-0634 2 Gnu, Redhat 2 Bash, Enterprise Linux 2025-04-20 N/A
The expansion of '\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.
CVE-2017-5009 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, failed to perform proper bounds checking, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2017-5017 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-20 N/A
Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac insufficiently cleared video memory, which allowed a remote attacker to possibly extract image fragments on systems with GeForce 8600M graphics chips via a crafted HTML page.
CVE-2016-7940 2 Redhat, Tcpdump 2 Enterprise Linux, Tcpdump 2025-04-20 N/A
The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.
CVE-2016-8883 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9392 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9807 2 Gstreamer, Redhat 2 Gstreamer, Enterprise Linux 2025-04-20 N/A
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.