Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2013-6474 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2016-12-31 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file. | |||||
| CVE-2013-6473 | 2 Canonical, Linuxfoundation | 2 Ubuntu Linux, Cups-filters | 2016-12-31 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in the urftopdf filter in cups-filters 1.0.25 before 1.0.47 allow remote attackers to execute arbitrary code via a large (1) page or (2) line in a URF file. | |||||
| CVE-2013-6382 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 4.0 MEDIUM | N/A |
| Multiple buffer underflows in the XFS implementation in the Linux kernel through 3.12.1 allow local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for a (1) XFS_IOC_ATTRLIST_BY_HANDLE or (2) XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted length value, related to the xfs_attrlist_by_handle function in fs/xfs/xfs_ioctl.c and the xfs_compat_attrlist_by_handle function in fs/xfs/xfs_ioctl32.c. | |||||
| CVE-2013-6381 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 6.9 MEDIUM | N/A |
| Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size. | |||||
| CVE-2013-6369 | 1 Cambridge Enterprise | 1 Jbig-kit | 2016-12-31 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the jbg_dec_in function in libjbig/jbig.c in JBIG-KIT before 2.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted image file. | |||||
| CVE-2013-6343 | 1 Asus | 6 Rt-ac66u, Rt-ac66u Firmware, Rt-n56u and 3 more | 2016-12-31 | 10.0 HIGH | N/A |
| Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and RT-AC66U routers with firmware 3.0.0.4.374_979 allow remote attackers to execute arbitrary code via the (1) apps_name or (2) apps_flag parameter to APP_Installation.asp. | |||||
| CVE-2013-6029 | 1 Att | 1 Connect Participant Application | 2016-12-31 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the AT&T Connect Participant Application before 9.5.51 on Windows allows remote attackers to execute arbitrary code via a malformed .SVT file. | |||||
| CVE-2013-4730 | 1 Pcman\'s Ftp Server Project | 1 Pcman\'s Ftp Server | 2016-12-31 | 10.0 HIGH | N/A |
| Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to execute arbitrary code via a long string in a USER command. | |||||
| CVE-2013-4591 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 6.2 MEDIUM | N/A |
| Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. | |||||
| CVE-2013-4514 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 4.7 MEDIUM | N/A |
| Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. | |||||
| CVE-2013-4513 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 4.9 MEDIUM | N/A |
| Buffer overflow in the oz_cdev_write function in drivers/staging/ozwpan/ozcdev.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact via a crafted write operation. | |||||
| CVE-2013-4512 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 4.7 MEDIUM | N/A |
| Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation. | |||||
| CVE-2013-4256 | 2 Canonical, Radscan | 2 Ubuntu Linux, Network Audio System | 2016-12-31 | 4.6 MEDIUM | N/A |
| Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c. | |||||
| CVE-2013-4231 | 1 Libtiff | 1 Libtiff | 2016-12-31 | 4.3 MEDIUM | N/A |
| Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to tools/gif2tiff.c or (3) a long filename for a TIFF image to tools/rgb2ycbcr.c. NOTE: vectors 1 and 3 are disputed by Red Hat, which states that the input cannot exceed the allocated buffer size. | |||||
| CVE-2013-4234 | 2 Debian, Konstanty Bialkowski | 2 Debian Linux, Libmodplug | 2016-12-31 | 6.8 MEDIUM | N/A |
| Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) abc_MIDI_gchord functions in load_abc.cpp in libmodplug 0.8.8.4 and earlier allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via a crafted ABC. | |||||
| CVE-2013-2110 | 1 Php | 1 Php | 2016-12-31 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function. | |||||
| CVE-2012-6704 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 7.2 HIGH | 7.8 HIGH |
| The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUF or (2) SO_RCVBUF option. | |||||
| CVE-2013-2072 | 2 Debian, Xen | 2 Debian Linux, Xen | 2016-12-31 | 7.4 HIGH | N/A |
| Buffer overflow in the Python bindings for the xc_vcpu_setaffinity call in Xen 4.0.x, 4.1.x, and 4.2.x allows local administrators with permissions to configure VCPU affinity to cause a denial of service (memory corruption and xend toolstack crash) and possibly gain privileges via a crafted cpumap. | |||||
| CVE-2013-2892 | 1 Linux | 1 Linux Kernel | 2016-12-31 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. | |||||
| CVE-2013-1961 | 1 Remotesensing | 1 Libtiff | 2016-12-31 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. | |||||
| CVE-2015-3724 | 1 Apple | 1 Iphone Os | 2016-12-30 | 6.8 MEDIUM | N/A |
| CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723. | |||||
| CVE-2015-3713 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-30 | 6.8 MEDIUM | N/A |
| QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. | |||||
| CVE-2015-3723 | 1 Apple | 1 Iphone Os | 2016-12-30 | 6.8 MEDIUM | N/A |
| CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724. | |||||
| CVE-2015-5120 | 1 Adobe | 1 Shockwave Player | 2016-12-29 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5121. | |||||
| CVE-2015-5121 | 1 Adobe | 1 Shockwave Player | 2016-12-29 | 10.0 HIGH | N/A |
| Adobe Shockwave Player before 12.1.9.159 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5120. | |||||
| CVE-2015-6284 | 1 Cisco | 6 Telepresence Server 7010, Telepresence Server Mse 8710, Telepresence Server On Multiparty Media 310 and 3 more | 2016-12-29 | 7.8 HIGH | N/A |
| Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. | |||||
| CVE-2015-6290 | 1 Cisco | 1 Web Security Virtual Appliance | 2016-12-29 | 4.3 MEDIUM | N/A |
| Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to cause a denial of service (memory consumption from stale TCP connections) via crafted responses, aka Bug ID CSCuw10426. | |||||
| CVE-2015-2724 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-3667 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3668. | |||||
| CVE-2015-3666 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3667, and CVE-2015-3668. | |||||
| CVE-2015-4002 | 1 Linux | 1 Linux Kernel | 2016-12-28 | 9.0 HIGH | N/A |
| drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. | |||||
| CVE-2015-3662 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. | |||||
| CVE-2015-3665 | 1 Apple | 1 Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3664 and CVE-2015-3669. | |||||
| CVE-2015-3664 | 1 Apple | 1 Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3665 and CVE-2015-3669. | |||||
| CVE-2015-2740 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-28 | 10.0 HIGH | N/A |
| Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors. | |||||
| CVE-2015-2739 | 5 Canonical, Debian, Mozilla and 2 more | 9 Ubuntu Linux, Debian Linux, Firefox and 6 more | 2016-12-28 | 10.0 HIGH | N/A |
| The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors. | |||||
| CVE-2015-1930 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-28 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. | |||||
| CVE-2015-3663 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. | |||||
| CVE-2015-3109 | 3 Adobe, Apple, Microsoft | 3 Photoshop Cc, Mac Os X, Windows | 2016-12-28 | 10.0 HIGH | N/A |
| Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-3111 | 3 Adobe, Apple, Microsoft | 4 Bridge, Photoshop Cc, Mac Os X and 1 more | 2016-12-28 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-1924 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-28 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. | |||||
| CVE-2015-3661 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. | |||||
| CVE-2015-1965 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-28 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1964. | |||||
| CVE-2015-1953 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-28 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. | |||||
| CVE-2015-3258 | 3 Canonical, Debian, Linuxfoundation | 3 Ubuntu Linux, Debian Linux, Cups-filters | 2016-12-28 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job. | |||||
| CVE-2015-3112 | 3 Adobe, Apple, Microsoft | 4 Bridge, Photoshop Cc, Mac Os X and 1 more | 2016-12-28 | 10.0 HIGH | N/A |
| Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-8382 | 1 Pcre | 1 Perl Compatible Regular Expression Library | 2016-12-28 | 6.4 MEDIUM | N/A |
| The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547. | |||||
| CVE-2015-1954 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2016-12-28 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. | |||||
| CVE-2015-2726 | 3 Mozilla, Novell, Oracle | 5 Firefox, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 2 more | 2016-12-28 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | |||||
| CVE-2015-3668 | 1 Apple | 2 Mac Os X, Quicktime | 2016-12-28 | 6.8 MEDIUM | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3661, CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, and CVE-2015-3667. | |||||