Total
2998 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8830 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2024-08-06 | N/A |
| Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. | ||||
| CVE-2015-8778 | 7 Canonical, Debian, Fedoraproject and 4 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-08-06 | N/A |
| Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the size argument to the __hcreate_r function, which triggers out-of-bounds heap-memory access. | ||||
| CVE-2015-8751 | 1 Jasper Project | 1 Jasper | 2024-08-06 | 8.8 High |
| Integer overflow in the jas_matrix_create function in JasPer allows context-dependent attackers to have unspecified impact via a crafted JPEG 2000 image, related to integer multiplication for memory allocation. | ||||
| CVE-2015-8730 | 1 Wireshark | 1 Wireshark | 2024-08-06 | N/A |
| epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of service (invalid read operation and application crash) via a crafted packet. | ||||
| CVE-2015-8605 | 4 Canonical, Debian, Isc and 1 more | 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more | 2024-08-06 | N/A |
| ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | ||||
| CVE-2015-8651 | 9 Adobe, Apple, Google and 6 more | 23 Air, Air Sdk, Air Sdk \& Compiler and 20 more | 2024-08-06 | 8.8 High |
| Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2015-8387 | 3 Fedoraproject, Pcre, Php | 3 Fedora, Perl Compatible Regular Expression Library, Php | 2024-08-06 | 7.3 High |
| PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2015-8394 | 2 Pcre, Php | 2 Perl Compatible Regular Expression Library, Php | 2024-08-06 | 9.8 Critical |
| PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror. | ||||
| CVE-2015-8366 | 1 Libraw | 1 Libraw | 2024-08-06 | 9.8 Critical |
| Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | ||||
| CVE-2015-8077 | 2 Cyrus, Opensuse | 3 Imap, Leap, Opensuse | 2024-08-06 | N/A |
| Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. | ||||
| CVE-2015-8080 | 4 Debian, Opensuse, Redhat and 1 more | 6 Debian Linux, Leap, Opensuse and 3 more | 2024-08-06 | 7.5 High |
| Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | ||||
| CVE-2015-8078 | 2 Cyrus, Opensuse | 3 Imap, Leap, Opensuse | 2024-08-06 | N/A |
| Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076. | ||||
| CVE-2015-8041 | 2 Opensuse, W1.fi | 3 Opensuse, Hostapd, Wpa Supplicant | 2024-08-06 | N/A |
| Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read. | ||||
| CVE-2015-7848 | 1 Ntp | 1 Ntp-dev | 2024-08-06 | N/A |
| An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. | ||||
| CVE-2015-7599 | 1 Windriver | 1 Vxworks | 2024-08-06 | N/A |
| Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a username and password. | ||||
| CVE-2015-6781 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
| Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container. | ||||
| CVE-2015-6525 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2024-08-06 | N/A |
| Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. | ||||
| CVE-2015-6243 | 3 Oracle, Redhat, Wireshark | 4 Linux, Solaris, Enterprise Linux and 1 more | 2024-08-06 | N/A |
| The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. | ||||
| CVE-2015-5707 | 4 Canonical, Debian, Linux and 1 more | 5 Ubuntu Linux, Debian Linux, Linux Kernel and 2 more | 2024-08-06 | N/A |
| Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. | ||||
| CVE-2015-5343 | 2 Apache, Debian | 2 Subversion, Debian Linux | 2024-08-06 | N/A |
| Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server crash or memory consumption) and possibly execute arbitrary code via a skel-encoded request body, which triggers an out-of-bounds read and heap-based buffer overflow. | ||||