Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1357 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 allows attackers to execute arbitrary code via a crafted application that generates log messages.
|
|||||
| CVE-2016-7425 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.
|
|||||
| CVE-2015-2446 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2447.
|
|||||
| CVE-2015-6056 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2025-04-12 | 9.3 HIGH | N/A |
|
The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
|
|||||
| CVE-2015-3089 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093.
|
|||||
| CVE-2016-9428 | 1 Tats | 1 W3m | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in the addMultirowsForm function in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
|
|||||
| CVE-2016-0116 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.
|
|||||
| CVE-2014-2802 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2787, CVE-2014-2790, and CVE-2014-2806.
|
|||||
| CVE-2014-9664 | 7 Canonical, Debian, Fedoraproject and 4 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.
|
|||||
| CVE-2016-0112 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0113.
|
|||||
| CVE-2014-9595 | 1 Sap | 1 Sap Kernel | 2025-04-12 | 6.5 MEDIUM | N/A |
|
Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 32-bit and 7.40 64-bit allows remote authenticated users to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to the Spool System, aka SAP Note 2061271.
|
|||||
| CVE-2013-4290 | 1 Uclouvain | 1 Openjpeg | 2025-04-12 | 10.0 HIGH | N/A |
|
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib/openjp3d/event.c.
|
|||||
| CVE-2015-3741 | 2 Apple, Canonical | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
|
|||||
| CVE-2014-1269 | 1 Apple | 4 Mac Os X, Mac Os X Server, Safari and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2014-1268 and CVE-2014-1270.
|
|||||
| CVE-2016-9846 | 1 Qemu | 1 Qemu | 2025-04-12 | 4.9 MEDIUM | 6.5 MEDIUM |
|
QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator support is vulnerable to a memory leakage issue. It could occur while updating the cursor data in update_cursor_data_virgl. A guest user/process could use this flaw to leak host memory bytes, resulting in DoS for a host.
|
|||||
| CVE-2015-1572 | 3 Canonical, Debian, E2fsprogs Project | 3 Ubuntu Linux, Debian Linux, E2fsprogs | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as dirty. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-0247.
|
|||||
| CVE-2010-5299 | 1 Microp Project | 1 Microp | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.
|
|||||
| CVE-2014-8457 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159.
|
|||||
| CVE-2016-1970 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Integer underflow in the srtp_unprotect function in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
|
|||||
| CVE-2016-1867 | 1 Jasper Project | 1 Jasper | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
|
|||||
| CVE-2015-8149 | 1 Symantec | 1 Encryption Management Server | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
|
The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted requests.
|
|||||
| CVE-2016-7866 | 1 Adobe | 1 Animate | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
|
|||||
| CVE-2014-1646 | 1 Symantec | 2 Encryption Desktop, Pgp Desktop | 2025-04-12 | 2.6 LOW | N/A |
|
Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop Professional 10.3.x before 10.3.2 MP1 do not properly perform memory copies, which allows remote attackers to cause a denial of service (read access violation and application crash) via a malformed certificate.
|
|||||
| CVE-2015-0348 | 7 Adobe, Apple, Linux and 4 more | 11 Flash Player, Mac Os X, Linux Kernel and 8 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2014-9667 | 6 Canonical, Debian, Fedoraproject and 3 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
|
|||||
| CVE-2016-2073 | 3 Canonical, Debian, Xmlsoft | 3 Ubuntu Linux, Debian Linux, Libxml2 | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.
|
|||||
| CVE-2015-3699 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
|
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
|
|||||
| CVE-2015-8363 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 image, which allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via a crafted image with two or more of these markers.
|
|||||
| CVE-2015-7077 | 1 Apple | 1 Mac Os X | 2025-04-12 | 7.2 HIGH | N/A |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors.
|
|||||
| CVE-2015-6177 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
|
|||||
| CVE-2016-5228 | 1 Microfocus | 1 Rumba | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
|
|||||
| CVE-2015-8395 | 1 Pcre | 1 Perl Compatible Regular Expression Library | 2025-04-12 | 7.5 HIGH | N/A |
|
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
|
|||||
| CVE-2016-3386 | 1 Microsoft | 1 Edge | 2025-04-12 | 9.3 HIGH | 7.5 HIGH |
|
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.
|
|||||
| CVE-2015-7008 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
|
FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018.
|
|||||
| CVE-2016-7505 | 1 Artifex | 1 Mujs | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition.
|
|||||
| CVE-2014-3182 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.
|
|||||
| CVE-2016-5681 | 2 D-link, Dlink | 20 Dir-817l\(w\) Firmware, Dir-818l\(w\) Firmware, Dir-823 Firmware and 17 more | 2025-04-12 | 9.3 HIGH | 9.8 CRITICAL |
|
Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax, DIR-818LW Bx before 2.05b03beta03, DIR-822 C1 3.01 before 3.01WWb02, DIR-823 A1 1.00 before 1.00WWb05, DIR-895L A1 1.11 before 1.11WWb04, DIR-890L A1 1.09 before 1.09b14, DIR-885L A1 1.11 before 1.11WWb07, DIR-880L A1 1.07 before 1.07WWb08, DIR-868L B1 2.03 before 2.03WWb01, and DIR-868L C1 3.00 before 3.00WWb01 devices allows remote attackers to execute arbitrary code via a long session cookie.
|
|||||
| CVE-2016-1746 | 1 Apple | 1 Mac Os X | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
IOGraphics in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1747.
|
|||||
| CVE-2016-7016 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE ...
Show More |
|||||
| CVE-2016-3916 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.
|
|||||