The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.
Max CVSS
8.0
EPSS Score
0.79%
Published
2017-09-12
Updated
2023-01-19
Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request.
Max CVSS
9.8
EPSS Score
77.32%
Published
2017-11-27
Updated
2022-08-16
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
Max CVSS
9.8
EPSS Score
33.26%
Published
2017-10-04
Updated
2022-04-22
Adobe Flash Player has an exploitable memory corruption vulnerability in the MP4 atom parser. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
Max CVSS
9.8
EPSS Score
11.59%
Published
2017-12-01
Updated
2021-09-08
Adobe Flash Player has an exploitable memory corruption vulnerability in the text handling function. Successful exploitation could lead to arbitrary code execution. This affects 26.0.0.151 and earlier.
Max CVSS
9.8
EPSS Score
9.78%
Published
2017-12-01
Updated
2021-09-08
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK metadata functionality. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Max CVSS
10.0
EPSS Score
1.49%
Published
2017-12-09
Updated
2021-09-08
An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the Primetime SDK. The mismatch between an old and a new object can provide an attacker with unintended memory access -- potentially leading to code corruption, control-flow hijack, or an information leak attack. Successful exploitation could lead to arbitrary code execution.
Max CVSS
10.0
EPSS Score
1.49%
Published
2017-12-09
Updated
2021-09-08
Integer overflow in the wrestool program in icoutils before 0.31.1 allows remote attackers to cause a denial of service (memory corruption) via a crafted executable, which triggers a denial of service (application crash) or the possibility of execution of arbitrary code.
Max CVSS
8.8
EPSS Score
2.84%
Published
2017-08-22
Updated
2019-03-20
Inappropriate use of partition alloc in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.48%
Published
2017-10-27
Updated
2022-04-06
Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and Linux, and 61.0.3163.81 for Android, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.04%
Published
2017-10-27
Updated
2022-04-06
A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.58%
Published
2017-10-27
Updated
2022-04-06
A use after free in Apps in Google Chrome prior to 60.0.3112.78 for Windows allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.22%
Published
2017-10-27
Updated
2022-04-08
A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.22%
Published
2017-10-27
Updated
2022-04-08
Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.
Max CVSS
8.8
EPSS Score
1.57%
Published
2017-10-27
Updated
2022-04-08
A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 for Linux, Android, Windows, and Mac allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.22%
Published
2017-10-27
Updated
2022-04-06
A use after free in Blink in Google Chrome prior to 59.0.3071.104 for Mac, Windows, and Linux, and 59.0.3071.117 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page, aka an IndexedDB sandbox escape.
Max CVSS
8.8
EPSS Score
1.60%
Published
2017-10-27
Updated
2022-04-06
Use after free in print preview in Blink in Google Chrome prior to 59.0.3071.86 for Linux, Windows, and Mac, and 59.0.3071.92 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.55%
Published
2017-10-27
Updated
2022-04-06
A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 for Mac, Windows, and Linux, and 58.0.3029.83 for Android, allowed a remote attacker to potentially perform out of bounds memory access via a crafted Chrome extension.
Max CVSS
8.8
EPSS Score
1.20%
Published
2017-10-27
Updated
2022-04-08
A use after free in Blink in Google Chrome prior to 57.0.2987.133 for Linux, Windows, and Mac, and 57.0.2987.132 for Android, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
Max CVSS
8.8
EPSS Score
1.55%
Published
2017-10-27
Updated
2022-04-11
An incorrect assumption about block structure in Blink in Google Chrome prior to 57.0.2987.133 for Mac, Windows, and Linux, and 57.0.2987.132 for Android, allowed a remote attacker to potentially exploit memory corruption via a crafted HTML page that triggers improper casting.
Max CVSS
8.8
EPSS Score
0.83%
Published
2017-10-27
Updated
2022-04-11
Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, and Mac had a use after free bug in GuestView, which allowed a remote attacker to perform an out of bounds memory read via a crafted Chrome extension.
Max CVSS
8.8
EPSS Score
1.72%
Published
2017-04-24
Updated
2022-04-22
The xsltAddTextString function in transform.c in libxslt 1.1.29, as used in Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android, lacked a check for integer overflow during a size calculation, which allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Max CVSS
8.8
EPSS Score
2.04%
Published
2017-04-24
Updated
2022-04-22
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.40%
Published
2017-05-09
Updated
2023-01-30
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.03%
Published
2017-05-09
Updated
2023-01-30
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
Max CVSS
9.3
EPSS Score
1.40%
Published
2017-05-09
Updated
2023-01-27
31 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!