Search Results (46122 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-8933 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2025-04-12 N/A
Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.
CVE-2015-7083 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084.
CVE-2015-5477 2 Isc, Redhat 4 Bind, Enterprise Linux, Rhel Aus and 1 more 2025-04-12 N/A
named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via TKEY queries.
CVE-2016-6525 2 Artifex, Debian 2 Mupdf, Debian Linux 2025-04-12 N/A
Heap-based buffer overflow in the pdf_load_mesh_params function in pdf/pdf-shade.c in MuPDF allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a large decode array.
CVE-2014-0133 2 F5, Opensuse 2 Nginx, Opensuse 2025-04-12 N/A
Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request.
CVE-2015-7183 2 Mozilla, Redhat 6 Firefox, Network Security Services, Enterprise Linux and 3 more 2025-04-12 N/A
Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors.
CVE-2016-6132 3 Debian, Libgd, Opensuse 3 Debian Linux, Libgd, Leap 2025-04-12 N/A
The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka libgd) before 2.2.3 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TGA file.
CVE-2015-7499 7 Apple, Canonical, Debian and 4 more 17 Iphone Os, Mac Os X, Tvos and 14 more 2025-04-12 N/A
Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive process memory information via unspecified vectors.
CVE-2016-2838 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.
CVE-2015-4469 1 Libmspack Project 1 Libmspack 2025-04-12 N/A
The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CHM file.
CVE-2015-8947 2 Harfbuzz Project, Redhat 2 Harfbuzz, Rhel Extras 2025-04-12 N/A
hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.
CVE-2015-7084 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083.
CVE-2015-7106 1 Apple 1 Mac Os X 2025-04-12 N/A
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
CVE-2015-8416 6 Adobe, Apple, Google and 3 more 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more 2025-04-12 N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.
CVE-2012-5876 1 Nero 1 Mediahome 2025-04-12 N/A
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
CVE-2014-0209 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, Libxfont 2025-04-12 N/A
Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata.
CVE-2014-0210 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, Libxfont 2025-04-12 N/A
Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function.
CVE-2014-0211 3 Canonical, Redhat, X 3 Ubuntu Linux, Enterprise Linux, Libxfont 2025-04-12 N/A
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
CVE-2012-6619 2 Mongodb, Redhat 5 Mongodb, Enterprise Mrg, Openstack and 2 more 2025-04-12 N/A
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read.
CVE-2014-0226 4 Apache, Debian, Oracle and 1 more 9 Http Server, Debian Linux, Enterprise Manager Ops Center and 6 more 2025-04-12 N/A
Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.