Export limit exceeded: 20088 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (20088 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2839 3 Ffmpeg, Linux, Mozilla 3 Ffmpeg, Linux Kernel, Firefox 2025-04-12 N/A
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux make cairo _cairo_surface_get_extents calls that do not properly interact with libav header allocation in FFmpeg 0.10, which allows remote attackers to cause a denial of service (application crash) via a crafted video.
CVE-2016-8630 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
CVE-2013-6335 4 Hp, Ibm, Linux and 1 more 5 Hp-ux, Aix, Tivoli Storage Manager and 2 more 2025-04-12 N/A
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations.
CVE-2015-5307 6 Canonical, Debian, Linux and 3 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
CVE-2016-8632 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
CVE-2016-7425 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2025-04-12 7.8 High
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
CVE-2016-7916 1 Linux 1 Linux Kernel 2025-04-12 N/A
Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive information from kernel memory by reading a /proc/*/environ file during a process-setup time interval in which environment-variable copying is incomplete.
CVE-2016-7857 6 Adobe, Apple, Google and 3 more 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more 2025-04-12 N/A
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2016-6930 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6931, and CVE-2016-6932.
CVE-2014-0069 3 Linux, Redhat, Suse 11 Linux Kernel, Enterprise Linux, Enterprise Linux Desktop and 8 more 2025-04-12 N/A
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer.
CVE-2016-6929 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
CVE-2016-7869 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search functionality. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7870 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Successful exploitation could lead to arbitrary code execution.
CVE-2016-7915 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-12 N/A
The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.
CVE-2016-7865 6 Adobe, Apple, Google and 3 more 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more 2025-04-12 N/A
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2014-0206 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 N/A
Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value.
CVE-2016-6923 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
CVE-2016-6927 6 Adobe, Apple, Google and 3 more 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more 2025-04-12 8.8 High
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932.
CVE-2016-5243 1 Linux 1 Linux Kernel 2025-04-12 N/A
The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.
CVE-2016-6516 1 Linux 1 Linux Kernel 2025-04-12 N/A
Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (heap-based buffer overflow) or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability.