Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0124 | 1 Ibm | 1 Rational Quality Manager | 2016-12-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix4, 4.x before 4.0.7 iFix3, and 5.x before 5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0128. | |||||
| CVE-2015-0125 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2016-12-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 4.x before 4.0.7 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-2097 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before 2.1.4 does not properly validate a certain bits-per-sample value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted TAK (aka Tom's lossless Audio Kompressor) data. | |||||
| CVE-2014-2098 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect data-structure size for certain coefficients, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted WMA data. | |||||
| CVE-2014-2972 | 1 Exim | 1 Exim | 2016-12-03 | 4.6 MEDIUM | N/A |
| expand.c in Exim before 4.83 expands mathematical comparisons twice, which allows local users to gain privileges and execute arbitrary commands via a crafted lookup value. | |||||
| CVE-2014-5271 | 2 Ffmpeg, Libav | 2 Ffmpeg, Libav | 2016-12-03 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-5272 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an out-of-bounds array access, related to the rgb8 and rgbn formats. | |||||
| CVE-2014-8541 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. | |||||
| CVE-2014-8543 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. | |||||
| CVE-2014-8544 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. | |||||
| CVE-2014-8545 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. | |||||
| CVE-2014-8546 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. | |||||
| CVE-2014-8547 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. | |||||
| CVE-2014-8548 | 2 Canonical, Ffmpeg | 2 Ubuntu Linux, Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. | |||||
| CVE-2013-0860 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 4.3 MEDIUM | N/A |
| The ff_er_frame_end function in libavcodec/error_resilience.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 does not properly verify that a frame is fully initialized, which allows remote attackers to trigger a NULL pointer dereference via crafted picture data. | |||||
| CVE-2013-0861 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 5.0 MEDIUM | N/A |
| The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.1 allows remote attackers to trigger memory corruption via vectors related to the channel layout. | |||||
| CVE-2013-0862 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| Multiple integer overflows in the process_frame_obj function in libavcodec/sanm.c in FFmpeg before 1.1.2 allow remote attackers to have an unspecified impact via crafted image dimensions in LucasArts Smush video data, which triggers an out-of-bounds array access. | |||||
| CVE-2013-0863 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| Buffer overflow in the rle_decode function in libavcodec/sanm.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via crafted LucasArts Smush video data. | |||||
| CVE-2013-0864 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 10.0 HIGH | N/A |
| The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before 1.1.2 performs an incorrect calculation for an "end pointer," which allows remote attackers to have an unspecified impact via crafted GIF data that triggers an out-of-bounds array access. | |||||
| CVE-2013-0865 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large (1) cbp0 or (2) cbpz chunk in Westwood Studios VQA Video file, which triggers an out-of-bounds write. | |||||
| CVE-2013-0866 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before 1.0.4 and 1.1.x before 1.1.2 allows remote attackers to have an unspecified impact via a large number of channels in an AAC file, which triggers an out-of-bounds array access. | |||||
| CVE-2013-0867 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The decode_slice_header function in libavcodec/h264.c in FFmpeg before 1.1.2 does not properly check when the pixel format changes, which allows remote attackers to have unspecified impact via crafted H.264 video data, related to an out-of-bounds array access. | |||||
| CVE-2013-0868 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers to have an unspecified impact via crafted Huffyuv data, related to an out-of-bounds write and (1) unchecked return codes from the init_vlc function and (2) "len==0 cases." | |||||
| CVE-2013-0872 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 10.0 HIGH | N/A |
| The swr_init function in libswresample/swresample.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid or unsupported (1) input or (2) output channel layout, related to an out-of-bounds array access. | |||||
| CVE-2013-0873 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 10.0 HIGH | N/A |
| The read_header function in libavcodec/shorten.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via an invalid channel count, related to "freeing invalid addresses." | |||||
| CVE-2013-0874 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via a crafted TIFF image, related to an out-of-bounds array access. | |||||
| CVE-2013-0875 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via a crafted PNG image, related to an out-of-bounds array access. | |||||
| CVE-2013-0876 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 functions in libavcodec/sanm.c in FFmpeg before 1.1.3 allow remote attackers to have an unspecified impact via crafted LucasArts Smush data, which triggers an out-of-bounds array access. | |||||
| CVE-2013-0877 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted LucasArts Smush data that has a large size when decoded, related to an out-of-bounds array access. | |||||
| CVE-2013-0878 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 9.3 HIGH | N/A |
| The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 allows remote attackers to have an unspecified impact via crafted Targa image data, related to an out-of-bounds array access. | |||||
| CVE-2013-4263 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 7.5 HIGH | N/A |
| libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote vectors related to a crafted "plane," which triggers an out-of-bounds heap write. | |||||
| CVE-2013-4264 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 4.3 MEDIUM | N/A |
| The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file. | |||||
| CVE-2013-4265 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 10.0 HIGH | N/A |
| The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference. | |||||
| CVE-2013-7008 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The decode_slice_header function in libavcodec/h264.c in FFmpeg before 2.1 incorrectly relies on a certain droppable field, which allows remote attackers to cause a denial of service (deadlock) or possibly have unspecified other impact via crafted H.264 data. | |||||
| CVE-2013-7009 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before 2.1 does not properly maintain a pointer to pixel data, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Apple RPZA data. | |||||
| CVE-2013-7010 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg before 2.1 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | |||||
| CVE-2013-7011 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 does not prevent changes to global parameters, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted FFV1 data. | |||||
| CVE-2013-7012 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not prevent attempts to use non-zero image offsets, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7013 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 uses an incorrect ordering of arithmetic operations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | |||||
| CVE-2013-7014 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| Integer signedness error in the add_bytes_l2_c function in libavcodec/pngdsp.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted PNG data. | |||||
| CVE-2013-7015 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg before 2.1 does not properly validate a certain height value, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Flash Screen Video data. | |||||
| CVE-2013-7016 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the expected sample separation, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7017 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7018 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use of valid code-block dimension values, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7019 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not properly validate the reduction factor, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7021 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 does not properly ensure the availability of FIFO content, which allows remote attackers to cause a denial of service (double free) or possibly have unspecified other impact via crafted data. | |||||
| CVE-2013-7022 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before 2.1 does not properly allocate memory for tiles, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Go2Webinar data. | |||||
| CVE-2013-7023 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The ff_combine_frame function in libavcodec/parser.c in FFmpeg before 2.1 does not properly handle certain memory-allocation errors, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted data. | |||||
| CVE-2013-7024 | 1 Ffmpeg | 1 Ffmpeg | 2016-12-03 | 6.8 MEDIUM | N/A |
| The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not consider the component number in certain calculations, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG2000 data. | |||||
| CVE-2013-7041 | 1 Cristian Gafton | 1 Pam Userdb | 2016-12-03 | 4.3 MEDIUM | N/A |
| The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack. | |||||