CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2017-9228 Mem. Corr. 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
2 CVE-2017-9226 Mem. Corr. 2017-05-24 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
3 CVE-2017-8775 119 Overflow Mem. Corr. 2017-05-04 2017-05-15
7.5
None Remote Low Not required Partial Partial Partial
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
4 CVE-2017-8774 119 Overflow Mem. Corr. 2017-05-04 2017-05-15
7.5
None Remote Low Not required Partial Partial Partial
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
5 CVE-2017-8541 Exec Code Mem. Corr. 2017-05-26 2017-05-26
0.0
None ??? ??? ??? ??? ??? ???
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.
6 CVE-2017-8540 Exec Code Mem. Corr. 2017-05-26 2017-05-26
0.0
None ??? ??? ??? ??? ??? ???
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
7 CVE-2017-8538 Exec Code Mem. Corr. 2017-05-26 2017-05-26
0.0
None ??? ??? ??? ??? ??? ???
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.
8 CVE-2017-8070 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-28
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
9 CVE-2017-8069 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
10 CVE-2017-8068 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
11 CVE-2017-8067 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
12 CVE-2017-8066 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x before 4.10.2 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
13 CVE-2017-8065 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
14 CVE-2017-8064 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-28
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x and 4.10.x before 4.10.12 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
15 CVE-2017-8062 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
16 CVE-2017-8061 119 DoS Overflow Mem. Corr. 2017-04-23 2017-04-27
7.2
None Local Low Not required Complete Complete Complete
drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x and 4.10.x before 4.10.7 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
17 CVE-2017-7967 119 Overflow Mem. Corr. 2017-05-09 2017-05-22
2.1
None Local Low Not required None None Partial
All versions of VAMPSET software produced by Schneider Electric, prior to V2.2.189, are susceptible to a memory corruption vulnerability when a corrupted vf2 file is used. This vulnerability causes the software to halt or not start when trying to open the corrupted file. This vulnerability occurs when fill settings are intentionally malformed and is opened in a standalone state, without connection to a protection relay. This attack is not considered to be remotely exploitable. This vulnerability has no effect on the operation of the protection relay to which VAMPSET is connected. As Windows operating system remains operational and VAMPSET responds, it is able to be shut down through its normal closing protocol.
18 CVE-2017-7584 119 DoS Exec Code Overflow Mem. Corr. 2017-04-07 2017-04-11
6.8
None Remote Medium Not required Partial Partial Partial
Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows an attacker to cause Denial of Service & Remote Code Execution when a victim opens a specially crafted PDF file.
19 CVE-2017-6999 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
20 CVE-2017-6998 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
21 CVE-2017-6997 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
22 CVE-2017-6996 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
23 CVE-2017-6995 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
24 CVE-2017-6994 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-24
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
25 CVE-2017-6991 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
26 CVE-2017-6989 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
27 CVE-2017-6986 DoS Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "iBooks" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
28 CVE-2017-6985 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "NVIDIA Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
29 CVE-2017-6984 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. iTunes before 12.6.1 on Windows is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
30 CVE-2017-6983 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. The issue involves the "SQLite" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
31 CVE-2017-6980 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
32 CVE-2017-6978 DoS Exec Code Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Accessibility Framework" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
33 CVE-2017-6977 DoS Mem. Corr. 2017-05-22 2017-05-22
0.0
None ??? ??? ??? ??? ??? ???
An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the "Speech Framework" component. It allows attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app.
34 CVE-2017-6887 119 Overflow Mem. Corr. 2017-05-16 2017-05-25
6.8
None Remote Medium Not required Partial Partial Partial
A boundary error within the "parse_tiff_ifd()" function (internal/dcraw_common.cpp) in LibRaw versions before 0.18.2 can be exploited to cause a memory corruption via e.g. a specially crafted KDC file with model set to "DSLR-A100" and containing multiple sequences of 0x100 and 0x14A TAGs.
35 CVE-2017-6553 119 Overflow Mem. Corr. 2017-04-29 2017-05-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer Overflow in Quest One Identity Privilege Manager for Unix before 6.0.0.061 allows remote attackers to obtain full access to the policy server via an ACT_ALERT_EVENT request that causes memory corruption in the pmmasterd daemon.
36 CVE-2017-6435 119 DoS Overflow Mem. Corr. 2017-03-15 2017-04-13
1.9
None Local Medium Not required None None Partial
The parse_string_node function in bplist.c in libimobiledevice libplist 1.12 allows local users to cause a denial of service (memory corruption) via a crafted plist file.
37 CVE-2017-5881 119 DoS Overflow Mem. Corr. 2017-02-21 2017-02-23
6.8
None Remote Medium Not required Partial Partial Partial
GOM Player 2.3.10.5266 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted fpx file.
38 CVE-2017-5548 399 DoS Mem. Corr. 2017-02-06 2017-02-08
7.2
None Local Low Not required Complete Complete Complete
drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
39 CVE-2017-5547 399 DoS Mem. Corr. 2017-02-06 2017-02-09
7.2
None Local Low Not required Complete Complete Complete
drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
40 CVE-2017-5364 119 DoS Exec Code Overflow Mem. Corr. 2017-01-13 2017-02-02
6.8
None Remote Medium Not required Partial Partial Partial
Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an attacker to cause Denial of Service and Remote Code Execution when the victim opens the specially crafted PDF file. The Vulnerability has been fixed in v2.0.
41 CVE-2017-3074 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
42 CVE-2017-3073 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
43 CVE-2017-3072 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
44 CVE-2017-3070 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
45 CVE-2017-3069 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
46 CVE-2017-3068 119 Exec Code Overflow Mem. Corr. 2017-05-09 2017-05-15
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
47 CVE-2017-3065 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability in the font manipulation functionality. Successful exploitation could lead to arbitrary code execution.
48 CVE-2017-3064 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-04-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.
49 CVE-2017-3061 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-04-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
50 CVE-2017-3060 125 Exec Code Mem. Corr. 2017-04-12 2017-04-18
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the ActionScript2 code parser. Successful exploitation could lead to arbitrary code execution.
Total number of vulnerabilities : 4217   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.