Export limit exceeded: 11939 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (3295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8867 4 Debian, Opensuse, Redhat and 1 more 5 Debian Linux, Opensuse, Enterprise Linux and 2 more 2025-04-12 N/A
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM guests to cause a denial of service (host crash) via unspecified vectors.
CVE-2015-2316 5 Canonical, Djangoproject, Fedoraproject and 2 more 5 Ubuntu Linux, Django, Fedora and 2 more 2025-04-12 N/A
The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.
CVE-2016-1654 6 Canonical, Debian, Google and 3 more 6 Ubuntu Linux, Debian Linux, Chrome and 3 more 2025-04-12 N/A
The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors.
CVE-2014-6595 2 Opensuse, Oracle 2 Opensuse, Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.
CVE-2015-1280 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
CVE-2016-0616 6 Canonical, Debian, Mariadb and 3 more 16 Ubuntu Linux, Debian Linux, Mariadb and 13 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
CVE-2016-1943 3 Google, Mozilla, Opensuse 4 Android, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method.
CVE-2014-6590 2 Opensuse, Oracle 2 Opensuse, Vm Virtualbox 2025-04-12 N/A
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.
CVE-2016-1704 5 Canonical, Google, Novell and 2 more 9 Ubuntu Linux, Chrome, Suse Package Hub For Suse Linux Enterprise and 6 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.103 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2016-2324 4 Git-scm, Opensuse, Redhat and 1 more 10 Git, Leap, Opensuse and 7 more 2025-04-12 9.8 Critical
Integer overflow in Git before 2.7.4 allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, which triggers a heap-based buffer overflow.
CVE-2016-7787 2 Kde, Opensuse 3 Kde-cli-tools, Leap, Opensuse 2025-04-12 N/A
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
CVE-2015-3336 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2025-04-12 N/A
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.
CVE-2016-1702 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted serialized data.
CVE-2015-0559 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2025-04-12 N/A
Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of service (application crash) via a crafted packet, related to the use of packet-scope memory instead of pinfo-scope memory.
CVE-2014-0181 4 Linux, Opensuse, Redhat and 1 more 9 Linux Kernel, Evergreen, Enterprise Linux and 6 more 2025-04-12 N/A
The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program.
CVE-2015-0358 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039.
CVE-2016-2315 4 Git-scm, Opensuse, Redhat and 1 more 10 Git, Leap, Opensuse and 7 more 2025-04-12 9.8 Critical
revision.c in git before 2.7.4 uses an incorrect integer data type, which allows remote attackers to execute arbitrary code via a (1) long filename or (2) many nested trees, leading to a heap-based buffer overflow.
CVE-2014-2978 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
CVE-2014-8154 2 Gnome, Opensuse 2 Vala, Opensuse 2025-04-12 N/A
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVE-2014-2977 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2025-04-12 N/A
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.