Search Results (23548 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1977 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
CVE-2016-2790 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
CVE-2016-2792 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2800.
CVE-2016-3521 6 Canonical, Debian, Ibm and 3 more 8 Ubuntu Linux, Debian Linux, Powerkvm and 5 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
CVE-2016-2793 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-3614 3 Canonical, Oracle, Redhat 3 Ubuntu Linux, Mysql, Rhel Software Collections 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.
CVE-2016-2795 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::FileFace::get_table_fn function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, does not initialize memory for an unspecified data structure, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted Graphite smart font.
CVE-2016-2796 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2798 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2799 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2801 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
CVE-2016-2802 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2847 3 Linux, Novell, Redhat 12 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 9 more 2025-04-12 N/A
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-3156 4 Canonical, Linux, Novell and 1 more 12 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 9 more 2025-04-12 N/A
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.
CVE-2016-3841 3 Google, Linux, Redhat 5 Android, Linux Kernel, Enterprise Linux and 2 more 2025-04-12 7.3 High
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
CVE-2016-4578 5 Canonical, Debian, Linux and 2 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2025-04-12 N/A
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
CVE-2016-3990 3 Libtiff, Oracle, Redhat 3 Libtiff, Vm Server, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
CVE-2016-4302 2 Libarchive, Redhat 9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.
CVE-2016-5626 3 Mariadb, Oracle, Redhat 8 Mariadb, Mysql, Enterprise Linux and 5 more 2025-04-12 6.5 Medium
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.
CVE-2016-5629 3 Mariadb, Oracle, Redhat 10 Mariadb, Mysql, Enterprise Linux and 7 more 2025-04-12 4.9 Medium
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.