Search Results (4896 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-9427 3 Bdwgc Project, Debian, Opensuse 4 Bdwgc, Debian Linux, Leap and 1 more 2025-04-12 9.8 Critical
Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation.
CVE-2016-2177 4 Hp, Openssl, Oracle and 1 more 9 Icewall Mcrp, Icewall Sso, Icewall Sso Agent Option and 6 more 2025-04-12 N/A
OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for heap-buffer boundary checks, which might allow remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact by leveraging unexpected malloc behavior, related to s3_srvr.c, ssl_sess.c, and t1_lib.c.
CVE-2014-8240 2 Redhat, Tigervnc 2 Enterprise Linux, Tigervnc 2025-04-12 N/A
Integer overflow in TigerVNC allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to screen size handling, which triggers a heap-based buffer overflow, a similar issue to CVE-2014-6051.
CVE-2014-5119 3 Debian, Gnu, Redhat 5 Debian Linux, Glibc, Enterprise Linux and 2 more 2025-04-12 N/A
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
CVE-2016-7117 4 Canonical, Debian, Linux and 1 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2025-04-12 9.8 Critical
Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.
CVE-2014-9034 1 Wordpress 1 Wordpress 2025-04-12 N/A
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
CVE-2016-6302 3 Openssl, Oracle, Redhat 5 Openssl, Linux, Solaris and 2 more 2025-04-12 N/A
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
CVE-2016-7945 2 Fedoraproject, X.org 2 Fedora, Libxi 2025-04-12 N/A
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
CVE-2016-5766 6 Debian, Fedoraproject, Freebsd and 3 more 8 Debian Linux, Fedora, Freebsd and 5 more 2025-04-12 N/A
Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) before 2.2.3, as used in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via crafted chunk dimensions in an image.
CVE-2013-7437 1 Icoasoft 1 Potrace 2025-04-12 N/A
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
CVE-2016-7944 2 Fedoraproject, X.org 2 Fedora, Libxfixes 2025-04-12 N/A
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
CVE-2016-3171 3 Debian, Drupal, Php 3 Debian Linux, Drupal, Php 2025-04-12 N/A
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
CVE-2014-8817 1 Apple 1 Mac Os X 2025-04-12 N/A
coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 does not verify that expected data types are present in XPC messages, which allows attackers to execute arbitrary code in a privileged context via a crafted app, as demonstrated by lack of verification of xpc_dictionary_get_value API return values during handling of a (1) match_mmap_archives, (2) delete_mmap_archives, (3) write_mmap_archive, or (4) read_mmap_archive command.
CVE-2014-8822 1 Apple 1 Mac Os X 2025-04-12 N/A
IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute arbitrary code in a kernel context or cause a denial of service (write to kernel memory) via a crafted app that calls an unspecified user-client method.
CVE-2014-8826 1 Apple 1 Mac Os X 2025-04-12 N/A
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive.
CVE-2014-9029 2 Jasper Project, Redhat 3 Jasper, Enterprise Linux, Rhev Manager 2025-04-12 N/A
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
CVE-2014-9087 4 Canonical, Debian, Gnupg and 1 more 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more 2025-04-12 N/A
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or (2) ECC based OpenPGP data, which triggers a buffer overflow.
CVE-2015-8339 1 Xen 1 Xen 2025-04-12 N/A
The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host crash) via unspecified vectors related to domain teardown.
CVE-2015-8346 2 Debian, Redmine 2 Debian Linux, Redmine 2025-04-12 N/A
app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the time logging form.
CVE-2015-8370 3 Fedoraproject, Gnu, Redhat 3 Fedora, Grub2, Enterprise Linux 2025-04-12 7.4 High
Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via backspace characters in the (1) grub_username_get function in grub-core/normal/auth.c or the (2) grub_password_get function in lib/crypto.c, which trigger an "Off-by-two" or "Out of bounds overwrite" memory error.