Search Results (46077 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6274 1 Cisco 2 Asr 1000, Asr 1000 Series Software 2025-04-12 N/A
The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassembly, aka Bug ID CSCuv71273.
CVE-2015-8370 3 Fedoraproject, Gnu, Redhat 3 Fedora, Grub2, Enterprise Linux 2025-04-12 7.4 High
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.
CVE-2014-7825 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 7.8 High
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.
CVE-2015-8364 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.
CVE-2015-1334 1 Linuxcontainers 1 Lxc 2025-04-12 N/A
attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1) AppArmor profile or (2) SELinux label.
CVE-2014-1254 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in a document.
CVE-2015-1345 3 Gnu, Opensuse, Redhat 3 Grep, Opensuse, Enterprise Linux 2025-04-12 N/A
The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option.
CVE-2015-1361 1 Google 1 Chrome 2025-04-12 N/A
platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which might allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted HTML document, a different vulnerability than CVE-2015-1205.
CVE-2015-7441 1 Ibm 2 Business Process Manager, Websphere Process Server 2025-04-12 N/A
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2015-8346 2 Debian, Redmine 2 Debian Linux, Redmine 2025-04-12 N/A
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
CVE-2014-8106 2 Qemu, Redhat 3 Qemu, Enterprise Linux, Openstack 2025-04-12 N/A
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
CVE-2015-1782 4 Debian, Fedoraproject, Libssh2 and 1 more 4 Debian Linux, Fedora, Libssh2 and 1 more 2025-04-12 N/A
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
CVE-2015-1781 5 Canonical, Debian, Gnu and 2 more 8 Ubuntu Linux, Debian Linux, Glibc and 5 more 2025-04-12 N/A
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
CVE-2015-1362 1 Two Pilots 1 Exif Pilot 2025-04-12 N/A
Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file.
CVE-2015-8277 1 Flexerasoftware 1 Flexnet Publisher 2025-04-12 N/A
Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with opcode (a) 0x107 or (b) 0x10a.
CVE-2015-1774 6 Apache, Canonical, Debian and 3 more 9 Openoffice, Ubuntu Linux, Debian Linux and 6 more 2025-04-12 N/A
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
CVE-2015-1760 1 Microsoft 2 Office, Office Compatibility Pack 2025-04-12 N/A
Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2014-7840 2 Qemu, Redhat 8 Qemu, Enterprise Linux, Enterprise Linux Desktop and 5 more 2025-04-12 N/A
The host_from_stream_offset function in arch_init.c in QEMU, when loading RAM during migration, allows remote attackers to execute arbitrary code via a crafted (1) offset or (2) length value in savevm data.
CVE-2015-1382 3 Debian, Opensuse, Privoxy 3 Debian Linux, Opensuse, Privoxy 2025-04-12 N/A
parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header.
CVE-2016-8670 2 Libgd, Php 2 Libgd, Php 2025-04-12 N/A
Integer signedness error in the dynamicGetbuf function in gd_io_dp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a crafted imagecreatefromstring call.