Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-189
Total 1251 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-3104 5 Adobe, Apple, Google and 2 more 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more 2016-12-30 10.0 HIGH N/A
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-3223 1 Samba 1 Samba 2016-12-30 5.0 MEDIUM 5.3 MEDIUM
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets.
CVE-2013-4359 1 Proftpd 1 Proftpd 2016-12-30 5.0 MEDIUM N/A
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation.
CVE-2015-1804 3 Canonical, Debian, X 3 Ubuntu Linux, Debian Linux, Libxfont 2016-12-30 8.5 HIGH N/A
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
CVE-2015-3110 3 Adobe, Apple, Microsoft 4 Bridge, Photoshop Cc, Mac Os X and 1 more 2016-12-27 10.0 HIGH N/A
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-4001 1 Linux 1 Linux Kernel 2016-12-27 9.0 HIGH N/A
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.
CVE-2015-3279 3 Canonical, Debian, Linuxfoundation 3 Ubuntu Linux, Debian Linux, Cups-filters 2016-12-27 7.5 HIGH N/A
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.
CVE-2014-9683 2 Canonical, Linux 2 Ubuntu Linux, Linux Kernel 2016-12-23 3.6 LOW N/A
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename.
CVE-2015-3768 1 Apple 2 Iphone Os, Mac Os X 2016-12-23 9.3 HIGH N/A
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
CVE-2012-5667 1 Gnu 1 Grep 2016-12-23 4.4 MEDIUM N/A
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow.
CVE-2015-6819 1 Ffmpeg 1 Ffmpeg 2016-12-21 7.5 HIGH N/A
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data.
CVE-2015-4167 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2016-12-21 4.7 MEDIUM N/A
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem.
CVE-2013-6487 1 Pidgin 1 Pidgin 2016-12-21 7.5 HIGH N/A
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow.
CVE-2015-4472 1 Libmspack Project 1 Libmspack 2016-12-21 6.8 MEDIUM N/A
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2013-7422 2 Apple, Perl 2 Mac Os X, Perl 2016-12-21 7.5 HIGH N/A
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
CVE-2015-1219 3 Canonical, Google, Redhat 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more 2016-12-21 7.5 HIGH N/A
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering.
CVE-2013-4122 2 Cmu, Gnu 2 Cyrus-sasl, Glibc 2016-12-07 4.3 MEDIUM N/A
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference.
CVE-2013-4449 2 Debian, Openldap 2 Debian Linux, Openldap 2016-12-07 4.3 MEDIUM N/A
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search.
CVE-2016-1904 1 Php 1 Php 2016-12-07 7.5 HIGH 7.3 HIGH
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.
CVE-2015-8664 1 Google 1 Chrome 2016-12-07 7.5 HIGH 8.8 HIGH
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792.