Export limit exceeded: 23293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23293 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8898 | 2 Imagemagick, Redhat | 2 Imagemagick, Enterprise Linux | 2025-04-20 | N/A |
| The WriteImages function in magick/constitute.c in ImageMagick before 6.9.2-4 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image file. | ||||
| CVE-2016-5205 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferred page loads, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | ||||
| CVE-2014-5008 | 3 Debian, Redhat, Snoopy | 3 Debian Linux, Openstack, Snoopy | 2025-04-20 | N/A |
| Snoopy allows remote attackers to execute arbitrary commands. | ||||
| CVE-2016-5200 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2017-5122 | 3 Debian, Google, Redhat | 3 Debian Linux, Chrome, Rhel Extras | 2025-04-20 | N/A |
| Inappropriate use of table size handling in V8 in Google Chrome prior to 61.0.3163.100 for Windows allowed a remote attacker to trigger out-of-bounds access via a crafted HTML page. | ||||
| CVE-2017-5058 | 3 Google, Microsoft, Redhat | 3 Chrome, Windows, Rhel Extras | 2025-04-20 | N/A |
| A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 for Windows allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | ||||
| CVE-2017-3509 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-04-20 | N/A |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N). | ||||
| CVE-2016-5210 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
| CVE-2017-7502 | 2 Mozilla, Redhat | 3 Network Security Services, Container Development Kit, Enterprise Linux | 2025-04-20 | N/A |
| Null pointer dereference vulnerability in NSS since 3.24.0 was found when server receives empty SSLv2 messages resulting into denial of service by remote attacker. | ||||
| CVE-2016-1550 | 2 Ntp, Redhat | 3 Ntp, Enterprise Linux, Rhel Eus | 2025-04-20 | N/A |
| An exploitable vulnerability exists in the message authentication functionality of libntp in ntp 4.2.8p4 and NTPSec a5fb34b9cc89b92a8fef2f459004865c93bb7f92. An attacker can send a series of crafted messages to attempt to recover the message digest key. | ||||
| CVE-2017-5055 | 4 Google, Linux, Microsoft and 1 more | 4 Chrome, Linux Kernel, Windows and 1 more | 2025-04-20 | N/A |
| A use after free in printing in Google Chrome prior to 57.0.2987.133 for Linux and Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. | ||||
| CVE-2017-5043 | 6 Apple, Debian, Google and 3 more | 9 Macos, Debian Linux, Chrome and 6 more | 2025-04-20 | 8.8 High |
| Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension. | ||||
| CVE-2017-0861 | 2 Google, Redhat | 4 Android, Enterprise Linux, Rhel Eus and 1 more | 2025-04-20 | N/A |
| Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. | ||||
| CVE-2016-4459 | 1 Redhat | 4 Enterprise Linux, Jboss Core Services, Jboss Enterprise Application Platform and 1 more | 2025-04-20 | N/A |
| Stack-based buffer overflow in native/mod_manager/node.c in mod_cluster 1.2.9. | ||||
| CVE-2017-3061 | 6 Adobe, Apple, Google and 3 more | 8 Flash Player, Mac Os X, Chrome Os and 5 more | 2025-04-20 | N/A |
| Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-16648 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-20 | N/A |
| The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free. | ||||
| CVE-2017-3068 | 6 Adobe, Apple, Google and 3 more | 12 Flash Player, Flash Player Desktop Runtime, Mac Os X and 9 more | 2025-04-20 | 8.8 High |
| Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution. | ||||
| CVE-2017-5042 | 6 Apple, Debian, Google and 3 more | 10 Macos, Debian Linux, Android and 7 more | 2025-04-20 | 5.7 Medium |
| Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android sent cookies to sites discovered via SSDP, which allowed an attacker on the local network segment to initiate connections to arbitrary URLs and observe any plaintext cookies sent. | ||||
| CVE-2017-5653 | 2 Apache, Redhat | 3 Cxf, Jboss Amq, Jboss Fuse | 2025-04-20 | N/A |
| JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and 3.0.13 do not validate that the service response was signed or encrypted, which allows remote attackers to spoof servers. | ||||
| CVE-2017-5041 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward navigation, which allowed a remote attacker to display incorrect information for a site via a crafted HTML page. | ||||