Search Results (16009 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9636 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression.
CVE-2016-4589 1 Apple 4 Iphone Os, Safari, Tvos and 1 more 2025-04-12 N/A
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.
CVE-2016-1959 1 Mozilla 1 Firefox 2025-04-12 N/A
The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via unspecified use of the Clients API.
CVE-2016-1963 1 Mozilla 1 Firefox 2025-04-12 N/A
The FileReader class in Mozilla Firefox before 45.0 allows local users to gain privileges or cause a denial of service (memory corruption) by changing a file during a FileReader API read operation.
CVE-2014-7947 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, pi.c, t1.c, t2.c, and tcd.c.
CVE-2015-6056 1 Microsoft 3 Internet Explorer, Jscript, Vbscript 2025-04-12 N/A
The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2015-8098 1 F5 1 Big-ip Access Policy Manager 2025-04-12 N/A
F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors related to processing a Citrix Remote Desktop connection through a virtual server configured with a remote desktop profile, aka an "Out-of-bounds memory vulnerability."
CVE-2014-9316 1 Ffmpeg 1 Ffmpeg 2025-04-12 N/A
The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.1.6, 2.2.x through 2.3.x, and 2.4.x before 2.4.4 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file.
CVE-2014-1269 1 Apple 4 Mac Os X, Mac Os X Server, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
CVE-2016-7425 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 7.8 High
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
CVE-2016-1861 1 Apple 1 Mac Os X 2025-04-12 N/A
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
CVE-2013-6691 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344.
CVE-2016-3977 2 Giflib Project, Opensuse 2 Giflib, Opensuse 2025-04-12 N/A
Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
CVE-2016-4631 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.
CVE-2015-1547 3 Debian, Libtiff, Redhat 3 Debian Linux, Libtiff, Enterprise Linux 2025-04-12 N/A
The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif.
CVE-2015-1712 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1691.
CVE-2014-3452 1 Codecguide 1 K-lite Codec Pack 2025-04-12 N/A
Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .jpg file.
CVE-2014-3434 1 Symantec 1 Endpoint Protection 2025-04-12 N/A
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbitrary code via a long argument to a 0x00222084 IOCTL call.
CVE-2015-8874 3 Opensuse, Php, Redhat 3 Leap, Php, Rhel Software Collections 2025-04-12 N/A
Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call.
CVE-2016-3389 1 Microsoft 1 Edge 2025-04-12 N/A
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-7190, and CVE-2016-7194.