Total
1232 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-2099 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | 6.8 MEDIUM | N/A |
|
The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data.
|
|||||
| CVE-2015-0295 | 3 Digia, Fedoraproject, Opensuse | 3 Qt, Fedora, Opensuse | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and crash) via a crafted BMP file.
|
|||||
| CVE-2014-9029 | 1 Jasper Project | 1 Jasper | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) jpc_dec_cp_setfromrgn functions in jpc/jpc_dec.c in JasPer 1.900.1 and earlier allow remote attackers to execute arbitrary code via a crafted jp2 file, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2014-6269 | 1 Haproxy | 1 Haproxy | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Multiple integer overflows in the http_request_forward_body function in proto_http.c in HAProxy 1.5-dev23 before 1.5.4 allow remote attackers to cause a denial of service (crash) via a large stream of data, which triggers a buffer overflow and an out-of-bounds read.
|
|||||
| CVE-2015-2331 | 5 Debian, Fedoraproject, Nih and 2 more | 5 Debian Linux, Fedora, Libzip and 2 more | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow.
|
|||||
| CVE-2014-1721 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range.
|
|||||
| CVE-2014-4639 | 1 Emc | 1 Documentum Wdk | 2025-04-12 | 5.0 MEDIUM | N/A |
|
EMC Documentum Web Development Kit (WDK) before 6.8 does not properly generate random numbers for a certain parameter related to Webtop components, which makes it easier for remote attackers to conduct phishing attacks via brute-force attempts to predict the parameter value.
|
|||||
| CVE-2015-1258 | 2 Debian, Google | 2 Debian Linux, Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data.
|
|||||
| CVE-2015-7213 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow.
|
|||||
| CVE-2015-5309 | 2 Opensuse, Simon Tatham | 3 Leap, Opensuse, Putty | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
|
|||||
| CVE-2016-2070 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.8 HIGH | 7.5 HIGH |
|
The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux kernel before 4.3.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via crafted TCP traffic.
|
|||||
| CVE-2015-0851 | 1 Xmltooling Project | 1 Xmltooling | 2025-04-12 | 5.0 MEDIUM | N/A |
|
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
|
|||||
| CVE-2014-1891 | 1 Xen | 1 Xen | 2025-04-12 | 5.2 MEDIUM | N/A |
|
Multiple integer overflows in the (1) FLASK_GETBOOL, (2) FLASK_SETBOOL, (3) FLASK_USER, and (4) FLASK_CONTEXT_TO_SID suboperations in the flask hypercall in Xen 4.3.x, 4.2.x, 4.1.x, 3.2.x, and earlier, when XSM is enabled, allow local users to cause a denial of service (processor fault) via unspecified vectors, a different vulnerability than CVE-2014-1892, CVE-2014-1893, and CVE-2014-1894.
|
|||||
| CVE-2015-5259 | 1 Apache | 1 Subversion | 2025-04-12 | 9.0 HIGH | 8.6 HIGH |
|
Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read.
|
|||||
| CVE-2014-4377 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.
|
|||||
| CVE-2015-3228 | 1 Artifex | 1 Afpl Ghostscript | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write.
|
|||||
| CVE-2015-4067 | 1 Dell | 1 Netvault Backup | 2025-04-12 | 10.0 HIGH | N/A |
|
Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2015-8078 | 2 Cyrus, Opensuse | 3 Imap, Leap, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
|
|||||
| CVE-2014-1744 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.
|
|||||
| CVE-2014-7901 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.
|
|||||
| CVE-2016-2538 | 1 Qemu | 1 Qemu | 2025-04-12 | 3.6 LOW | 7.1 HIGH |
|
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
|
|||||
| CVE-2016-2463 | 1 Google | 1 Android | 2025-04-12 | 7.5 HIGH | 8.4 HIGH |
|
Multiple integer overflows in the h264dec component in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation, aka internal bug 27855419.
|
|||||
| CVE-2014-0211 | 2 Canonical, X | 2 Ubuntu Linux, Libxfont | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow.
|
|||||
| CVE-2015-3863 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | N/A |
|
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399.
|
|||||
| CVE-2014-2889 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 4.6 MEDIUM | N/A |
|
Off-by-one error in the bpf_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 3.1.8, when BPF JIT is enabled, allows local users to cause a denial of service (system crash) or possibly gain privileges via a long jump after a conditional jump.
|
|||||
| CVE-2011-2593 | 1 Citrix | 1 Access Gateway Plug-in | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a crafted Content-Length HTTP header, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2014-4508 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | 4.7 MEDIUM | N/A |
|
arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.
|
|||||
| CVE-2014-1684 | 1 Videolan | 1 Vlc Media Player | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The ASF_ReadObject_file_properties function in modules/demux/asf/libasf.c in the ASF Demuxer in VideoLAN VLC Media Player before 2.1.3 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a zero minimum and maximum data packet size in an ASF file.
|
|||||
| CVE-2015-5213 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
|
|||||
| CVE-2015-8077 | 2 Cyrus, Opensuse | 3 Imap, Leap, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the start_octet variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
|
|||||
| CVE-2014-9602 | 1 Ffmpeg | 1 Ffmpeg | 2025-04-12 | 7.5 HIGH | N/A |
|
libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits and words array dimensions that do not satisfy a required mathematical relationship, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted X-Face image data.
|
|||||
| CVE-2010-2062 | 1 Videolan | 1 Vlc Media Player | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer underflow in the real_get_rdt_chunk function in real.c, as used in modules/access/rtsp/real.c in VideoLAN VLC media player before 1.0.1 and stream/realrtsp/real.c in MPlayer before r29447, allows remote attackers to execute arbitrary code via a crafted length value in an RDT chunk header.
|
|||||
| CVE-2014-8589 | 1 Sap | 1 Network Interface Router | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
|
|||||
| CVE-2014-9766 | 2 Canonical, Pixman | 2 Ubuntu Linux, Pixman | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
|
|||||
| CVE-2016-2507 | 1 Google | 1 Android | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
|
Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28532266.
|
|||||
| CVE-2015-0261 | 1 Tcpdump | 1 Tcpdump | 2025-04-12 | 7.5 HIGH | N/A |
|
Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or possibly execute arbitrary code via a negative length value.
|
|||||
| CVE-2014-0099 | 1 Apache | 1 Tomcat | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4, when operated behind a reverse proxy, allows remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
|
|||||
| CVE-2014-0172 | 1 Elfutils Project | 1 Elfutils | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF file, which triggers a heap-based buffer overflow.
|
|||||
| CVE-2015-3829 | 1 Google | 1 Android | 2025-04-12 | 10.0 HIGH | N/A |
|
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.
|
|||||
| CVE-2015-7222 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow.
|
|||||