Search Results (1935 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0764 1 Redhat 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more 2025-04-20 6.2 Medium
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
CVE-2017-5109 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 4.3 Medium
Inappropriate implementation of unload handler handling in permission prompts in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to display UI on a non attacker controlled tab via a crafted HTML page.
CVE-2017-5204 3 Debian, Redhat, Tcpdump 9 Debian Linux, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-20 N/A
The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().
CVE-2017-5101 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 6.5 Medium
Inappropriate implementation in Omnibox in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to spoof the contents of the Omnibox via a crafted HTML page.
CVE-2017-5103 6 Apple, Debian, Google and 3 more 9 Macos, Debian Linux, Chrome and 6 more 2025-04-20 4.3 Medium
Use of an uninitialized value in Skia in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
CVE-2017-11282 6 Adobe, Apple, Google and 3 more 11 Flash Player, Macos, Chrome Os and 8 more 2025-04-20 N/A
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
CVE-2016-0762 6 Apache, Canonical, Debian and 3 more 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more 2025-04-20 5.9 Medium
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
CVE-2017-5093 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.5 Medium
Inappropriate implementation in modal dialog handling in Blink in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to prevent a full screen warning from being displayed via a crafted HTML page.
CVE-2017-5105 6 Apple, Debian, Google and 3 more 10 Macos, Debian Linux, Android and 7 more 2025-04-20 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-11225 6 Adobe, Apple, Google and 3 more 11 Flash Player, Macos, Chrome Os and 8 more 2025-04-20 N/A
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11215 6 Adobe, Apple, Google and 3 more 11 Flash Player, Macos, Chrome Os and 8 more 2025-04-20 N/A
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
CVE-2017-11213 6 Adobe, Apple, Google and 3 more 11 Flash Player, Macos, Chrome Os and 8 more 2025-04-20 N/A
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability occurs as a result of a computation that reads data that is past the end of the target buffer due to an integer overflow; the computation is part of the abstraction that creates an arbitrarily sized transparent or opaque bitmap image. The use of an invalid (out-of-range) pointer offset during access of internal data structure fields causes the vulnerability. A successful attack can lead to sensitive data exposure.
CVE-2017-5088 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2025-04-20 8.8 High
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform out of bounds memory access via a crafted HTML page.
CVE-2017-5089 3 Apple, Google, Redhat 6 Macos, Chrome, Enterprise Linux Desktop and 3 more 2025-04-20 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.104 for Mac allowed a remote attacker to perform domain spoofing via a crafted domain name.
CVE-2017-5107 5 Apple, Google, Linux and 2 more 8 Macos, Chrome, Linux Kernel and 5 more 2025-04-20 5.3 Medium
A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a crafted HTML page.
CVE-2017-7980 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-20 N/A
Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick Emulator (Qemu) 2.8 and earlier allows local guest OS users to execute arbitrary code or cause a denial of service (crash) via vectors related to a VNC client updating its display after a VGA operation.
CVE-2017-5078 5 Apple, Google, Linux and 2 more 8 Macos, Chrome, Linux Kernel and 5 more 2025-04-20 8.8 High
Insufficient validation of untrusted input in Blink's mailto: handling in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac allowed a remote attacker to perform command injection via a crafted HTML page, a similar issue to CVE-2004-0121. For example, characters such as * have an incorrect interaction with xdg-email in xdg-utils, and a space character can be used in front of a command-line argument.
CVE-2017-12613 3 Apache, Debian, Redhat 17 Portable Runtime, Debian Linux, Enterprise Linux and 14 more 2025-04-20 7.1 High
When apr_time_exp*() or apr_os_exp_time*() functions are invoked with an invalid month field value in Apache Portable Runtime APR 1.6.2 and prior, out of bounds memory may be accessed in converting this value to an apr_time_exp_t value, potentially revealing the contents of a different static heap value or resulting in program termination, and may represent an information disclosure or denial of service vulnerability to applications which call these APR functions with unvalidated external input.
CVE-2017-5076 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2025-04-20 6.5 Medium
Insufficient Policy Enforcement in Omnibox in Google Chrome prior to 59.0.3071.86 for Mac, Windows, and Linux, and 59.0.3071.92 for Android, allowed a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name.
CVE-2017-5071 5 Apple, Google, Linux and 2 more 9 Macos, Android, Chrome and 6 more 2025-04-20 6.3 Medium
Insufficient validation of untrusted input in V8 in Google Chrome prior to 59.0.3071.86 for Linux, Windows and Mac, and 59.0.3071.92 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.