Search
Total
1258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-4962 | 1 Shopizer | 1 Shopizer | 2018-10-09 | 6.4 MEDIUM | N/A |
| Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost. | |||||
| CVE-2014-4045 | 1 Digium | 1 Asterisk | 2018-10-09 | 4.3 MEDIUM | N/A |
| The Publish/Subscribe Framework in the PJSIP channel driver in Asterisk Open Source 12.x before 12.3.1, when sub_min_expiry is set to zero, allows remote attackers to cause a denial of service (assertion failure and crash) via an unsubscribe request when not subscribed to the device. | |||||
| CVE-2014-0998 | 1 Freebsd | 1 Freebsd | 2018-10-09 | 7.2 HIGH | N/A |
| Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access. | |||||
| CVE-2014-0209 | 2 Canonical, X | 2 Ubuntu Linux, Libxfont | 2018-10-09 | 4.6 MEDIUM | N/A |
| Multiple integer overflows in the (1) FontFileAddEntry and (2) lexAlias functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 might allow local users to gain privileges by adding a directory with a large fonts.dir or fonts.alias file to the font path, which triggers a heap-based buffer overflow, related to metadata. | |||||
| CVE-2014-0211 | 2 Canonical, X | 2 Ubuntu Linux, Libxfont | 2018-10-09 | 7.5 HIGH | N/A |
| Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. | |||||
| CVE-2013-1741 | 1 Mozilla | 1 Network Security Services | 2018-10-09 | 7.5 HIGH | N/A |
| Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value. | |||||
| CVE-2011-1659 | 1 Gnu | 1 Glibc | 2018-10-09 | 5.0 MEDIUM | N/A |
| Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071. | |||||
| CVE-2011-1494 | 1 Linux | 1 Linux Kernel | 2018-10-09 | 6.9 MEDIUM | N/A |
| Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and earlier might allow local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow. | |||||
| CVE-2011-1290 | 2 Apple, Rim | 3 Webkit, Blackberry Torch 9800, Blackberry Torch 9800 Firmware | 2018-10-09 | 10.0 HIGH | N/A |
| Integer overflow in WebKit, as used on the Research In Motion (RIM) BlackBerry Torch 9800 with firmware 6.0.0.246, in Google Chrome before 10.0.648.133, and in Apple Safari before 5.0.5, allows remote attackers to execute arbitrary code via unknown vectors related to CSS "style handling," nodesets, and a length value, as demonstrated by Vincenzo Iozzo, Willem Pinckaers, and Ralf-Philipp Weinmann during a Pwn2Own competition at CanSecWest 2011. | |||||
| CVE-2011-0557 | 1 Adobe | 1 Shockwave Player | 2018-10-09 | 9.3 HIGH | N/A |
| Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which triggers a "faulty allocation" and memory corruption. | |||||
| CVE-2011-0758 | 1 Ca | 2 Etrust Secure Content Manager, Gateway Security | 2018-10-09 | 10.0 HIGH | N/A |
| The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager 8.0 and CA Gateway Security 8.1 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted request to port 1882, involving an incorrect integer calculation and a heap-based buffer overflow. | |||||
| CVE-2009-1391 | 1 Paul Marquess | 1 Compress-raw-zlib Perl Module | 2018-10-03 | 6.8 MEDIUM | N/A |
| Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009. | |||||
| CVE-2008-5317 | 1 Littlecms | 2 Lcms, Little Cms Color Engine | 2018-10-03 | 10.0 HIGH | N/A |
| Integer signedness error in the cmsAllocGamma function in src/cmsgamma.c in Little cms color engine (aka lcms) before 1.17 allows attackers to have an unknown impact via a file containing a certain "number of entries" value, which is interpreted improperly, leading to an allocation of insufficient memory. | |||||
| CVE-2008-3640 | 1 Apple | 1 Cups | 2018-10-03 | 6.8 MEDIUM | N/A |
| Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. | |||||
| CVE-2008-1420 | 2 Redhat, Xiph.org | 3 Enterprise Linux, Linux Advanced Workstation, Libvorbis | 2018-10-03 | 6.8 MEDIUM | N/A |
| Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. | |||||
| CVE-2007-4351 | 1 Cups | 1 Cups | 2018-10-03 | 10.0 HIGH | N/A |
| Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow. | |||||
| CVE-2006-2197 | 1 Wvware | 1 Wv2 | 2018-10-03 | 6.5 MEDIUM | N/A |
| Integer overflow in wv2 before 0.2.3 might allow context-dependent attackers to execute arbitrary code via a crafted Microsoft Word document. | |||||
| CVE-2011-2939 | 2 Dan Kogai, Perl | 2 Encode Module, Perl | 2018-08-13 | 5.1 MEDIUM | N/A |
| Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-8080 | 2 Debian, Redislabs | 2 Debian Linux, Redis | 2018-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. | |||||
| CVE-2016-2106 | 2 Openssl, Redhat | 8 Openssl, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more | 2018-07-19 | 5.0 MEDIUM | 7.5 HIGH |
| Integer overflow in the EVP_EncryptUpdate function in crypto/evp/evp_enc.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of data. | |||||
| CVE-2015-8312 | 2 Debian, Openafs | 2 Debian Linux, Openafs | 2018-05-17 | 7.2 HIGH | 7.8 HIGH |
| Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. | |||||
| CVE-2016-10158 | 1 Php | 1 Php | 2018-05-04 | 5.0 MEDIUM | 7.5 HIGH |
| The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1. | |||||
| CVE-2016-10490 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2018-04-24 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned. | |||||
| CVE-2011-4971 | 1 Memcached | 1 Memcached | 2018-03-25 | 5.0 MEDIUM | N/A |
| Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. | |||||
| CVE-2012-1569 | 1 Gnu | 2 Gnutls, Libtasn1 | 2018-01-18 | 5.0 MEDIUM | N/A |
| The asn1_get_length_der function in decoding.c in GNU Libtasn1 before 2.12, as used in GnuTLS before 3.0.16 and other products, does not properly handle certain large length values, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly have unspecified other impact via a crafted ASN.1 structure. | |||||
| CVE-2012-1173 | 1 Libtiff | 1 Libtiff | 2018-01-18 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow remote attackers to execute arbitrary code via a crafted tile size in a TIFF file, which is not properly handled by the (1) gtTileSeparate or (2) gtStripSeparate function, leading to a heap-based buffer overflow. | |||||
| CVE-2012-1667 | 1 Isc | 1 Bind | 2018-01-18 | 8.5 HIGH | N/A |
| ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before 9.9.1-P1, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P1 does not properly handle resource records with a zero-length RDATA section, which allows remote DNS servers to cause a denial of service (daemon crash or data corruption) or obtain sensitive information from process memory via a crafted record. | |||||
| CVE-2012-0815 | 1 Rpm | 1 Rpm | 2018-01-18 | 6.8 MEDIUM | N/A |
| The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative value in a region offset of a package header, which is not properly handled in a numeric range comparison. | |||||
| CVE-2016-9266 | 1 Libming | 1 Libming | 2018-01-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| listmp3.c in libming 0.4.7 allows remote attackers to unspecified impact via a crafted mp3 file, which triggers an invalid left shift. | |||||
| CVE-2012-0774 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2018-01-10 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font. | |||||
| CVE-2013-5607 | 1 Mozilla | 4 Firefox, Firefox Esr, Netscape Portable Runtime and 1 more | 2018-01-09 | 7.5 HIGH | N/A |
| Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape Portable Runtime (NSPR) before 4.10.2, as used in Firefox before 25.0.1, Firefox ESR 17.x before 17.0.11 and 24.x before 24.1.1, and SeaMonkey before 2.22.1, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted X.509 certificate, a related issue to CVE-2013-1741. | |||||
| CVE-2013-6367 | 1 Linux | 1 Linux Kernel | 2018-01-09 | 5.7 MEDIUM | N/A |
| The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. | |||||
| CVE-2011-3453 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2018-01-06 | 7.5 HIGH | N/A |
| Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via crafted DNS data. | |||||
| CVE-2015-3216 | 2 Openssl, Redhat | 2 Openssl, Enterprise Linux | 2018-01-05 | 4.3 MEDIUM | N/A |
| Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establishing many TLS sessions to a multithreaded server, leading to use of a negative value for a certain length field. | |||||
| CVE-2016-5224 | 1 Google | 1 Chrome | 2018-01-05 | 4.3 MEDIUM | 4.3 MEDIUM |
| A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page. | |||||
| CVE-2016-4070 | 1 Php | 1 Php | 2018-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| ** DISPUTED ** Integer overflow in the php_raw_url_encode function in ext/standard/url.c in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5 allows remote attackers to cause a denial of service (application crash) via a long string to the rawurlencode function. NOTE: the vendor says "Not sure if this qualifies as security issue (probably not)." | |||||
| CVE-2015-5560 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2018-01-05 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8711 | 1 Wireshark | 1 Wireshark | 2018-01-05 | 5.0 MEDIUM | N/A |
| Multiple integer overflows in epan/dissectors/packet-amqp.c in the AMQP dissector in Wireshark 1.10.x before 1.10.11 and 1.12.x before 1.12.2 allow remote attackers to cause a denial of service (application crash) via a crafted amqp_0_10 PDU in a packet. | |||||
| CVE-2012-2131 | 1 Openssl | 1 Openssl | 2018-01-05 | 7.5 HIGH | N/A |
| Multiple integer signedness errors in crypto/buffer/buffer.c in OpenSSL 0.9.8v allow remote attackers to conduct buffer overflow attacks, and cause a denial of service (memory corruption) or possibly have unspecified other impact, via crafted DER data, as demonstrated by an X.509 certificate or an RSA public key. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2110. | |||||
| CVE-2012-2333 | 2 Openssl, Redhat | 2 Openssl, Openssl | 2018-01-05 | 6.8 MEDIUM | N/A |
| Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is not properly handled during a certain explicit IV calculation. | |||||
| CVE-2014-9330 | 1 Libtiff | 1 Libtiff | 2018-01-05 | 5.0 MEDIUM | N/A |
| Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read. | |||||
| CVE-2014-3587 | 2 Christos Zoulas, Php | 2 File, Php | 2018-01-05 | 4.3 MEDIUM | N/A |
| Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571. | |||||
| CVE-2014-1744 | 1 Google | 1 Chrome | 2017-12-29 | 7.5 HIGH | N/A |
| Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation. | |||||
| CVE-2011-3102 | 2 Apple, Google | 2 Iphone Os, Chrome | 2017-12-29 | 6.8 MEDIUM | N/A |
| Off-by-one error in libxml2, as used in Google Chrome before 19.0.1084.46 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2012-0473 | 1 Mozilla | 5 Firefox, Firefox Esr, Seamonkey and 2 more | 2017-12-29 | 5.0 MEDIUM | N/A |
| The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 calls the FindMaxElementInSubArray function with incorrect template arguments, which allows remote attackers to obtain sensitive information from video memory via a crafted WebGL.drawElements call. | |||||
| CVE-2012-2113 | 1 Libtiff | 1 Libtiff | 2017-12-29 | 6.8 MEDIUM | N/A |
| Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | |||||
| CVE-2014-4020 | 1 Wireshark | 1 Wireshark | 2017-12-29 | 4.3 MEDIUM | N/A |
| The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2012-2088 | 1 Libtiff | 1 Libtiff | 2017-12-29 | 7.5 HIGH | N/A |
| Integer signedness error in the TIFFReadDirectory function in tif_dirread.c in libtiff 3.9.4 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a negative tile depth in a tiff image, which triggers an improper conversion between signed and unsigned types, leading to a heap-based buffer overflow. | |||||
| CVE-2011-4131 | 1 Linux | 1 Linux Kernel | 2017-12-29 | 4.6 MEDIUM | N/A |
| The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. | |||||
| CVE-2014-3152 | 2 Fedoraproject, Google | 3 Fedora, Chrome, V8 | 2017-12-29 | 7.5 HIGH | N/A |
| Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. | |||||