Vulnerabilities (CVE)

Filtered by CWE-787
Total 10918 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-9634 1 Mitsubishielectric 1 E-designer 2024-11-21 10.0 HIGH 9.8 CRITICAL
Mitsubishi E-Designer, Version 7.52 Build 344 contains two code sections which may be exploited to allow an attacker to overwrite arbitrary memory locations. This can result in arbitrary code execution, compromised data integrity, denial of service, and system crash.
CVE-2017-9544 1 Echatserver 1 Easy Chat Server 2024-11-21 7.5 HIGH 9.8 CRITICAL
There is a remote stack-based buffer overflow (SEH) in register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1. By sending an overly long username string to registresult.htm for registering the user, an attacker may be able to execute arbitrary code.
CVE-2017-9445 1 Systemd Project 1 Systemd 2024-11-21 5.0 MEDIUM 7.5 HIGH
In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.
CVE-2017-9432 1 Libstaroffice Project 1 Libstaroffice 2024-11-21 7.5 HIGH 9.8 CRITICAL
Document Liberation Project libstaroffice before 2017-04-07 has an out-of-bounds write caused by a stack-based buffer overflow related to the DatabaseName::read function in lib/StarWriterStruct.cxx.
CVE-2017-9431 1 Grpc 1 Grpc 2024-11-21 7.5 HIGH 9.8 CRITICAL
Google gRPC before 2017-04-05 has an out-of-bounds write caused by a heap-based buffer overflow related to core/lib/iomgr/error.c.
CVE-2017-9228 2 Oniguruma Project, Php 2 Oniguruma, Php 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it's used as an index, resulting in an out-of-bounds write memory corruption.
CVE-2017-9226 2 Oniguruma Project, Php 2 Oniguruma, Php 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption.
CVE-2017-9225 3 Oniguruma Project, Php, Ruby-lang 3 Oniguruma, Php, Ruby 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow.
CVE-2017-9203 1 Entropymine 1 Imageworsener 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 allows remote attackers to cause a denial of service (buffer underflow) via a crafted image, related to imagew-bmp.c.
CVE-2017-9181 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c.
CVE-2017-9178 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:421:11.
CVE-2017-9176 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:370:25.
CVE-2017-9175 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the ReadImage function in input-bmp.c:353:25.
CVE-2017-9159 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_rawpbm function in input-pnm.c:391:15.
CVE-2017-9158 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_raw function in input-pnm.c:336:11.
CVE-2017-9157 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:306:14.
CVE-2017-9156 1 Autotrace Project 1 Autotrace 2024-11-21 5.0 MEDIUM 7.5 HIGH
libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a denial of service (invalid write and SEGV), related to the pnm_load_ascii function in input-pnm.c:303:12.
CVE-2017-8923 1 Php 1 Php 2024-11-21 7.5 HIGH 9.8 CRITICAL
The zend_string_extend function in Zend/zend_string.h in PHP through 7.1.5 does not prevent changes to string objects that result in a negative length, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging a script's use of .= with a long string.
CVE-2017-8775 1 Quickheal 3 Antivirus Pro, Internet Security, Total Security 2024-11-21 7.5 HIGH 9.8 CRITICAL
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.
CVE-2017-8774 1 Quickheal 3 Antivirus Pro, Internet Security, Total Security 2024-11-21 7.5 HIGH 9.8 CRITICAL
Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security 10.1.0.316, and Quick Heal AntiVirus Pro 10.1.0.316 are vulnerable to Memory Corruption while parsing a malformed Mach-O file.