Total
1251 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3104 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2016-12-30 | 10.0 HIGH | N/A |
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-3223 | 1 Samba | 1 Samba | 2016-12-30 | 5.0 MEDIUM | 5.3 MEDIUM |
The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero values, which allows remote attackers to cause a denial of service (infinite loop) via crafted packets. | |||||
CVE-2013-4359 | 1 Proftpd | 1 Proftpd | 2016-12-30 | 5.0 MEDIUM | N/A |
Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 allows remote attackers to cause a denial of service (memory consumption) via a large response count value in an authentication request, which triggers a large memory allocation. | |||||
CVE-2015-1804 | 3 Canonical, Debian, X | 3 Ubuntu Linux, Debian Linux, Libxfont | 2016-12-30 | 8.5 HIGH | N/A |
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file. | |||||
CVE-2015-3110 | 3 Adobe, Apple, Microsoft | 4 Bridge, Photoshop Cc, Mac Os X and 1 more | 2016-12-27 | 10.0 HIGH | N/A |
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2015-4001 | 1 Linux | 1 Linux Kernel | 2016-12-27 | 9.0 HIGH | N/A |
Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. | |||||
CVE-2015-3279 | 3 Canonical, Debian, Linuxfoundation | 3 Ubuntu Linux, Debian Linux, Cups-filters | 2016-12-27 | 7.5 HIGH | N/A |
Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow. | |||||
CVE-2014-9683 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2016-12-23 | 3.6 LOW | N/A |
Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. | |||||
CVE-2015-3768 | 1 Apple | 2 Iphone Os, Mac Os X | 2016-12-23 | 9.3 HIGH | N/A |
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls. | |||||
CVE-2012-5667 | 1 Gnu | 1 Grep | 2016-12-23 | 4.4 MEDIUM | N/A |
Multiple integer overflows in GNU Grep before 2.11 might allow context-dependent attackers to execute arbitrary code via vectors involving a long input line that triggers a heap-based buffer overflow. | |||||
CVE-2015-6819 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-21 | 7.5 HIGH | N/A |
Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | |||||
CVE-2015-4167 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2016-12-21 | 4.7 MEDIUM | N/A |
The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data representation or integer overflow, and OOPS) via a crafted UDF filesystem. | |||||
CVE-2013-6487 | 1 Pidgin | 1 Pidgin | 2016-12-21 | 7.5 HIGH | N/A |
Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu (gg) parser in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a large Content-Length value, which triggers a buffer overflow. | |||||
CVE-2015-4472 | 1 Libmspack Project | 1 Libmspack | 2016-12-21 | 6.8 MEDIUM | N/A |
Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted CHM file. | |||||
CVE-2013-7422 | 2 Apple, Perl | 2 Mac Os X, Perl | 2016-12-21 | 7.5 HIGH | N/A |
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. | |||||
CVE-2015-1219 | 3 Canonical, Google, Redhat | 6 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 3 more | 2016-12-21 | 7.5 HIGH | N/A |
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted allocation of a large amount of memory during WebGL rendering. | |||||
CVE-2013-4122 | 2 Cmu, Gnu | 2 Cyrus-sasl, Glibc | 2016-12-07 | 4.3 MEDIUM | N/A |
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service (thread crash and consumption) via (1) an invalid salt or, when FIPS-140 is enabled, a (2) DES or (3) MD5 encrypted password, which triggers a NULL pointer dereference. | |||||
CVE-2013-4449 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2016-12-07 | 4.3 MEDIUM | N/A |
The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not properly count references, which allows remote attackers to cause a denial of service (slapd crash) by unbinding immediately after a search request, which triggers rwm_conn_destroy to free the session context while it is being used by rwm_op_search. | |||||
CVE-2016-1904 | 1 Php | 1 Php | 2016-12-07 | 7.5 HIGH | 7.3 HIGH |
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow. | |||||
CVE-2015-8664 | 1 Google | 1 Chrome | 2016-12-07 | 7.5 HIGH | 8.8 HIGH |
Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly have unspecified other impact via an RGBA pixel array with crafted dimensions, a different vulnerability than CVE-2015-6792. |