Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by CWE-119
Angry Yack Logo
Total 13458 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-5688 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2025-04-12 6.8 MEDIUM 8.1 HIGH
The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, allows remote attackers to have unspecified impact via vectors related to the SetImageExtent return-value check, which trigger (1) a heap-based buffer overflow in the SetPixelIndex function or an invalid write operation in the (2) ScaleCharToQuantum or (3) SetPixelIndex functions.
CVE-2014-0159 2 Debian, Openafs 2 Debian Linux, Openafs 2025-04-12 5.0 MEDIUM N/A
Buffer overflow in the GetStatistics64 remote procedure call (RPC) in OpenAFS 1.4.8 before 1.6.7 allows remote attackers to cause a denial of service (crash) via a crafted statsVersion argument.
CVE-2014-3461 1 Qemu 1 Qemu 2025-04-12 6.8 MEDIUM N/A
hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute arbitrary code via crafted savevm data, which triggers a heap-based buffer overflow, related to "USB post load checks."
CVE-2014-4104 1 Microsoft 1 Internet Explorer 2025-04-12 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2799, CVE-2014-4059, CVE-2014-4065, CVE-2014-4079, CVE-2014-4081, CVE-2014-4083, CVE-2014-4085, CVE-2014-4088, CVE-2014-4090, CVE-2014-4094, CVE-2014-4097, CVE-2014-4100, CVE-2014-4103, CVE-2014-4105, CVE-2014-4106, CVE-2014-4107, CVE-2014 ...

Show More
CVE-2015-8389 3 Fedoraproject, Pcre, Php 3 Fedora, Perl Compatible Regular Expression Library, Php 2025-04-12 7.5 HIGH 9.8 CRITICAL
PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2016-1071 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE ...

Show More
CVE-2014-0551 5 Adobe, Apple, Google and 2 more 7 Adobe Air, Adobe Air Sdk, Flash Player and 4 more 2025-04-12 10.0 HIGH N/A
Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before 15.0.0.152 on Windows and OS X and before 11.2.202.406 on Linux, Adobe AIR before 15.0.0.249 on Windows and OS X and before 15.0.0.252 on Android, Adobe AIR SDK before 15.0.0.249, and Adobe AIR SDK & Compiler before 15.0.0.249 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0547, CVE-2014-0549, CVE-2014-0550, CVE-2014-0552, and ...

Show More
CVE-2016-5116 4 Debian, Libgd, Opensuse and 1 more 4 Debian Linux, Libgd, Leap and 1 more 2025-04-12 6.4 MEDIUM 9.1 CRITICAL
gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x configurations, allows context-dependent attackers to obtain sensitive information from process memory or cause a denial of service (stack-based buffer under-read and application crash) via a long name.
CVE-2015-6093 1 Microsoft 4 Office, Office Web Apps, Office Web Apps Server and 1 more 2025-04-12 9.3 HIGH N/A
Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-2210 3 Apple, Linux, Symantec 20 Macos, Linux Kernel, Advanced Threat Protection and 17 more 2025-04-12 9.0 HIGH 7.3 HIGH
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Prote ...

Show More
CVE-2016-4211 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE ...

Show More
CVE-2014-2778 1 Microsoft 2 Office Compatibility Pack, Word 2025-04-12 9.3 HIGH N/A
Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a (1) .doc or (2) .docx document, aka "Embedded Font Vulnerability."
CVE-2014-0986 1 Advantech 1 Advantech Webaccess 2025-04-12 6.8 MEDIUM N/A
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.
CVE-2016-0856 1 Advantech 1 Webaccess 2025-04-12 10.0 HIGH 9.8 CRITICAL
Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2014-8106 1 Qemu 1 Qemu 2025-04-12 4.6 MEDIUM N/A
Heap-based buffer overflow in the Cirrus VGA emulator (hw/display/cirrus_vga.c) in QEMU before 2.2.0 allows local guest users to execute arbitrary code via vectors related to blit regions. NOTE: this vulnerability exists because an incomplete fix for CVE-2007-1320.
CVE-2015-5930 1 Apple 3 Iphone Os, Itunes, Safari 2025-04-12 6.8 MEDIUM N/A
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
CVE-2016-1861 1 Apple 1 Mac Os X 2025-04-12 9.3 HIGH 7.8 HIGH
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
CVE-2014-2790 1 Microsoft 1 Internet Explorer 2025-04-12 9.3 HIGH N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2802, and CVE-2014-2806.
CVE-2015-2448 1 Microsoft 1 Internet Explorer 2025-04-12 9.3 HIGH N/A
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability."
CVE-2015-0530 1 Emc 1 Networker 2025-04-12 7.2 HIGH N/A
Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors.
CVE-2016-7002 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE ...

Show More
CVE-2014-2789 1 Microsoft 1 Internet Explorer 2025-04-12 9.3 HIGH N/A
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2795, CVE-2014-2798, and CVE-2014-2804.
CVE-2014-3185 1 Linux 1 Linux Kernel 2025-04-12 6.9 MEDIUM N/A
Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response.
CVE-2015-6152 1 Microsoft 6 Internet Explorer, Windows 7, Windows 8 and 3 more 2025-04-12 9.3 HIGH N/A
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162.
CVE-2015-1845 1 Unzoo 1 Unzoo 2025-04-12 10.0 HIGH N/A
Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-5779 1 Apple 2 Mac Os X, Quicktime 2025-04-12 7.5 HIGH N/A
QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753.
CVE-2015-8893 1 Google 1 Android 2025-04-12 4.3 MEDIUM 5.5 MEDIUM
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
CVE-2014-0302 1 Microsoft 1 Internet Explorer 2025-04-12 9.3 HIGH N/A
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0303.
CVE-2013-4565 1 Debian 1 Ppthtml 2025-04-12 6.8 MEDIUM N/A
Heap-based buffer overflow in the __OLEdecode function in ppthtml 0.5.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .ppt file.
CVE-2016-1358 1 Cisco 1 Prime Infrastructure 2025-04-12 5.5 MEDIUM 6.4 MEDIUM
Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote authenticated users to read arbitrary files or cause a denial of service via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCuw81497.
CVE-2015-4506 1 Mozilla 1 Firefox 2025-04-12 6.8 MEDIUM N/A
Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a crafted VP9 file.
CVE-2016-2799 5 Mozilla, Opensuse, Oracle and 2 more 6 Firefox, Leap, Opensuse and 3 more 2025-04-12 9.3 HIGH 8.8 HIGH
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2014-0991 1 Advantech 1 Advantech Webaccess 2025-04-12 6.8 MEDIUM N/A
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.
CVE-2015-7392 1 Freeswitch 1 Freeswitch 2025-04-12 7.5 HIGH N/A
Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing \u in a json string to cJSON_Parse.
CVE-2015-6686 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 6.8 MEDIUM N/A
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted set of fields, a different vulnerability than CVE-2015-6685, CVE-2015-6693, CVE-2015-6694, CVE-2015-6695, and CVE-2015-7622.
CVE-2016-4208 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more 2025-04-12 10.0 HIGH 9.8 CRITICAL
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4195, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE ...

Show More
CVE-2016-3758 1 Google 1 Android 2025-04-12 9.3 HIGH 7.8 HIGH
Multiple buffer overflows in libdex/OptInvocation.cpp in DexClassLoader in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides a long filename, aka internal bug 27840771.
CVE-2014-9458 1 Hex-rays 1 Ida 2025-04-12 10.0 HIGH N/A
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors.
CVE-2016-4519 1 Unitronics 1 Visilogic Oplc Ide 2025-04-12 7.5 HIGH 9.8 CRITICAL
Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.30 allows remote attackers to execute arbitrary code via a crafted filename field in a ZIP archive in a vlp file.
CVE-2016-5108 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2025-04-12 7.5 HIGH 9.8 CRITICAL
Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted QuickTime IMA file.