Filtered by vendor Opensuse
Subscribe
Search
Total
948 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-6123 | 4 Net-snmp, Opensuse, Redhat and 1 more | 4 Net-snmp, Opensuse, Enterprise Linux and 1 more | 2024-01-12 | 5.0 MEDIUM | N/A |
| The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP queries, related to "source/destination IP address confusion." | |||||
| CVE-2014-3638 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2023-12-27 | 2.1 LOW | N/A |
| The bus_connections_check_reply function in config-parser.c in D-Bus before 1.6.24 and 1.8.x before 1.8.8 allows local users to cause a denial of service (CPU consumption) via a large number of method calls. | |||||
| CVE-2014-3635 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2023-12-27 | 4.4 MEDIUM | N/A |
| Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8, when running on a 64-bit system and the max_message_unix_fds limit is set to an odd number, allows local users to cause a denial of service (dbus-daemon crash) or possibly execute arbitrary code by sending one more file descriptor than the limit, which triggers a heap-based buffer overflow or an assertion failure. | |||||
| CVE-2014-3636 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2023-12-27 | 1.9 LOW | N/A |
| D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows local users to (1) cause a denial of service (prevention of new connections and connection drop) by queuing the maximum number of file descriptors or (2) cause a denial of service (disconnect) via multiple messages that combine to have more than the allowed number of file descriptors for a single sendmsg call. | |||||
| CVE-2014-3639 | 3 D-bus Project, Freedesktop, Opensuse | 3 D-bus, Dbus, Opensuse | 2023-12-27 | 2.1 LOW | N/A |
| The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not properly close old connections, which allows local users to cause a denial of service (incomplete connection consumption and prevention of new connections) via a large number of incomplete connections. | |||||
| CVE-2014-3532 | 6 Debian, Freedesktop, Linux and 3 more | 6 Debian Linux, Dbus, Linux Kernel and 3 more | 2023-12-27 | 2.1 LOW | N/A |
| dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) by sending a message containing a file descriptor, then exceeding the maximum recursion depth before the initial message is forwarded. | |||||
| CVE-2014-3637 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2023-12-27 | 2.1 LOW | N/A |
| D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does not properly close connections for processes that have terminated, which allows local users to cause a denial of service via a D-bus message containing a D-Bus connection file descriptor. | |||||
| CVE-2014-3533 | 4 Debian, Freedesktop, Mageia Project and 1 more | 4 Debian Linux, Dbus, Mageia and 1 more | 2023-12-27 | 2.1 LOW | N/A |
| dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message containing an invalid file descriptor. | |||||
| CVE-2013-2168 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2023-12-27 | 1.9 LOW | N/A |
| The _dbus_printf_string_upper_bound function in dbus/dbus-sysdeps-unix.c in D-Bus (aka DBus) 1.4.x before 1.4.26, 1.6.x before 1.6.12, and 1.7.x before 1.7.4 allows local users to cause a denial of service (service crash) via a crafted message. | |||||
| CVE-2015-0245 | 2 Freedesktop, Opensuse | 2 Dbus, Opensuse | 2023-12-27 | 1.9 LOW | N/A |
| D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service (activation failure error returned) by leveraging a race condition involving sending an ActivationFailure signal before systemd responds. | |||||
| CVE-2010-1634 | 5 Canonical, Fedoraproject, Opensuse and 2 more | 5 Ubuntu Linux, Fedora, Opensuse and 2 more | 2022-07-13 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in audioop.c in the audioop module in Python 2.6, 2.7, 3.1, and 3.2 allow context-dependent attackers to cause a denial of service (application crash) via a large fragment, as demonstrated by a call to audioop.lin2lin with a long string in the first argument, leading to a buffer overflow. NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-3143.5. | |||||
| CVE-2015-1283 | 8 Canonical, Debian, Google and 5 more | 13 Ubuntu Linux, Debian Linux, Chrome and 10 more | 2022-07-05 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | |||||
| CVE-2014-0195 | 4 Fedoraproject, Mariadb, Openssl and 1 more | 5 Fedora, Mariadb, Openssl and 2 more | 2022-06-30 | 6.8 MEDIUM | N/A |
| The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly validate fragment lengths in DTLS ClientHello messages, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and application crash) via a long non-initial fragment. | |||||
| CVE-2009-1185 | 7 Canonical, Debian, Fedoraproject and 4 more | 9 Ubuntu Linux, Debian Linux, Fedora and 6 more | 2022-06-03 | 7.2 HIGH | N/A |
| udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space. | |||||
| CVE-2009-1186 | 6 Canonical, Debian, Fedoraproject and 3 more | 8 Ubuntu Linux, Debian Linux, Fedora and 5 more | 2022-06-03 | 2.1 LOW | N/A |
| Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments. | |||||
| CVE-2015-4142 | 3 Opensuse, Redhat, W1.fi | 7 Opensuse, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 4 more | 2022-05-17 | 4.3 MEDIUM | N/A |
| Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read. | |||||
| CVE-2015-0412 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2022-05-13 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. | |||||
| CVE-2015-0400 | 4 Canonical, Novell, Opensuse and 1 more | 6 Ubuntu Linux, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 3 more | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | |||||
| CVE-2015-0459 | 3 Novell, Opensuse, Oracle | 5 Suse Linux Enterprise Desktop, Opensuse, Javafx and 2 more | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. | |||||
| CVE-2015-8126 | 9 Apple, Canonical, Debian and 6 more | 21 Mac Os X, Ubuntu Linux, Debian Linux and 18 more | 2022-05-13 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19 allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | |||||
| CVE-2015-0491 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | |||||
| CVE-2015-0484 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2022-05-13 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. | |||||
| CVE-2014-6601 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||||
| CVE-2015-0486 | 2 Opensuse, Oracle | 3 Opensuse, Jdk, Jre | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | |||||
| CVE-2015-0458 | 3 Novell, Opensuse, Oracle | 4 Suse Linux Enterprise Desktop, Opensuse, Jdk and 1 more | 2022-05-13 | 7.6 HIGH | N/A |
| Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||||
| CVE-2015-0492 | 3 Opensuse, Oracle, Suse | 5 Opensuse, Javafx, Jdk and 2 more | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. | |||||
| CVE-2013-4002 | 9 Apache, Canonical, Hp and 6 more | 21 Xerces2 Java, Ubuntu Linux, Hp-ux and 18 more | 2022-05-13 | 7.1 HIGH | N/A |
| XMLscanner.java in Apache Xerces2 Java Parser before 2.12.0, as used in the Java Runtime Environment (JRE) in IBM Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 as well as Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, Java SE Embedded 7u40 and earlier, and possibly other products allows remote attackers to cause a denial of service via vectors related to XML attribute names. | |||||
| CVE-2015-0408 | 6 Canonical, Debian, Novell and 3 more | 8 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 5 more | 2022-05-13 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | |||||
| CVE-2015-0410 | 6 Canonical, Debian, Novell and 3 more | 9 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Desktop and 6 more | 2022-05-13 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. | |||||
| CVE-2015-0395 | 6 Canonical, Debian, Novell and 3 more | 7 Ubuntu Linux, Debian Linux, Suse Linux Enterprise Server and 4 more | 2022-05-13 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||||
| CVE-2015-0383 | 7 Canonical, Debian, Fedoraproject and 4 more | 10 Ubuntu Linux, Debian Linux, Fedora and 7 more | 2022-05-13 | 5.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. | |||||
| CVE-2009-2625 | 7 Apache, Canonical, Debian and 4 more | 9 Xerces2 Java, Ubuntu Linux, Debian Linux and 6 more | 2022-05-13 | 5.0 MEDIUM | N/A |
| XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. | |||||
| CVE-2010-0395 | 6 Apache, Canonical, Debian and 3 more | 6 Openoffice, Ubuntu Linux, Debian Linux and 3 more | 2022-02-07 | 9.3 HIGH | N/A |
| OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote attackers to bypass Python macro security restrictions and execute arbitrary Python code via a crafted OpenDocument Text (ODT) file that triggers code execution when the macro directory structure is previewed. | |||||
| CVE-2012-0871 | 2 Opensuse, Systemd Project | 2 Opensuse, Systemd | 2022-01-28 | 6.3 MEDIUM | N/A |
| The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/. | |||||
| CVE-2013-6424 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2022-01-11 | 5.0 MEDIUM | N/A |
| Integer underflow in the xTrapezoidValid macro in render/picture.h in X.Org allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. | |||||
| CVE-2014-0569 | 7 Adobe, Apple, Google and 4 more | 14 Air Desktop Runtime, Air Sdk, Flash Player and 11 more | 2021-11-10 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-0564 | 7 Adobe, Apple, Google and 4 more | 14 Air Desktop Runtime, Air Sdk, Flash Player and 11 more | 2021-11-10 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0558. | |||||
| CVE-2013-4547 | 3 F5, Opensuse, Suse | 5 Nginx, Opensuse, Lifecycle Management Server and 2 more | 2021-11-10 | 7.5 HIGH | N/A |
| nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI. | |||||
| CVE-2014-0133 | 2 F5, Opensuse | 2 Nginx, Opensuse | 2021-11-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 before 1.4.7 and 1.5.x before 1.5.12 allows remote attackers to execute arbitrary code via a crafted request. | |||||
| CVE-2009-2816 | 4 Apple, Fedoraproject, Google and 1 more | 5 Iphone Os, Safari, Fedora and 2 more | 2021-11-08 | 6.8 MEDIUM | N/A |
| The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, as used in Apple Safari before 4.0.4 and Google Chrome before 3.0.195.33, includes certain custom HTTP headers in the OPTIONS request during cross-origin operations with preflight, which makes it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks via a crafted web page. | |||||
| CVE-2014-3004 | 3 Castor Project, Opensuse, Opensuse Project | 3 Castor, Opensuse, Opensuse | 2021-10-20 | 4.3 MEDIUM | N/A |
| The default configuration for the Xerces SAX Parser in Castor before 1.3.3 allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XML document. | |||||
| CVE-2015-1209 | 7 Apple, Canonical, Google and 4 more | 11 Macos, Ubuntu Linux, Chrome and 8 more | 2021-09-08 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor. | |||||
| CVE-2012-2037 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2021-09-08 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2034. | |||||
| CVE-2015-1212 | 7 Apple, Canonical, Google and 4 more | 11 Macos, Ubuntu Linux, Chrome and 8 more | 2021-09-08 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2012-2034 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2021-09-08 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2037. | |||||
| CVE-2015-5122 | 7 Adobe, Apple, Linux and 4 more | 14 Flash Player, Flash Player Desktop Runtime, Macos and 11 more | 2021-09-08 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. | |||||
| CVE-2012-2039 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2021-09-08 | 9.3 HIGH | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||||
| CVE-2012-2038 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2021-09-08 | 4.3 MEDIUM | N/A |
| Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
| CVE-2013-0894 | 7 Apple, Canonical, Ffmpeg and 4 more | 7 Macos, Ubuntu Linux, Ffmpeg and 4 more | 2021-09-08 | 7.5 HIGH | N/A |
| Buffer overflow in the vorbis_parse_setup_hdr_floors function in the Vorbis decoder in vorbisdec.c in libavcodec in FFmpeg through 1.1.3, as used in Google Chrome before 25.0.1364.97 on Windows and Linux and before 25.0.1364.99 on Mac OS X and other products, allows remote attackers to cause a denial of service (divide-by-zero error or out-of-bounds array access) or possibly have unspecified other impact via vectors involving a zero value for a bark map size. | |||||
| CVE-2012-2035 | 8 Adobe, Apple, Google and 5 more | 13 Air, Flash Player, Macos and 10 more | 2021-09-08 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on Windows and Mac OS X; before 10.3.183.20 and 11.x before 11.2.202.236 on Linux; before 11.1.111.10 on Android 2.x and 3.x; and before 11.1.115.9 on Android 4.x, and Adobe AIR before 3.3.0.3610, allows attackers to execute arbitrary code via unspecified vectors. | |||||