Search Results (23157 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5842 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2025-04-12 7.5 High
MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.
CVE-2016-5017 1 Apache 1 Zookeeper 2025-04-12 N/A
Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when using the "cmd:" batch mode syntax, allows attackers to have unspecified impact via a long command string.
CVE-2016-9423 1 Tats 1 W3m 2025-04-12 N/A
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Heap-based buffer overflow in w3m allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTML page.
CVE-2016-9431 1 Tats 1 W3m 2025-04-12 N/A
An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. Infinite recursion vulnerability in w3m allows remote attackers to cause a denial of service via a crafted HTML page.
CVE-2016-3191 2 Pcre, Redhat 4 Pcre, Pcre2, Enterprise Linux and 1 more 2025-04-12 N/A
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
CVE-2016-3633 1 Libtiff 1 Libtiff 2025-04-12 N/A
The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to the src variable.
CVE-2015-7182 3 Mozilla, Oracle, Redhat 11 Firefox, Network Security Services, Glassfish Server and 8 more 2025-04-12 N/A
Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted OCTET STRING data.
CVE-2016-4002 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2025-04-12 9.8 Critical
Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in QEMU, when the guest NIC is configured to accept large packets, allows remote attackers to cause a denial of service (memory corruption and QEMU crash) or possibly execute arbitrary code via a packet larger than 1514 bytes.
CVE-2016-4429 3 Canonical, Gnu, Opensuse 4 Ubuntu Linux, Glibc, Leap and 1 more 2025-04-12 5.9 Medium
Stack-based buffer overflow in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) allows remote servers to cause a denial of service (crash) or possibly unspecified other impact via a flood of crafted ICMP and UDP packets.
CVE-2016-4804 3 Canonical, Dosfstools Project, Opensuse 4 Ubuntu Linux, Dosfstools, Leap and 1 more 2025-04-12 N/A
The read_boot function in boot.c in dosfstools before 4.0 allows attackers to cause a denial of service (crash) via a crafted filesystem, which triggers a heap-based buffer overflow in the (1) read_fat function or an out-of-bounds heap read in (2) get_fat function.
CVE-2016-0264 3 Ibm, Redhat, Suse 15 Java Sdk, Enterprise Linux Desktop, Enterprise Linux Hpc Node Supplementary and 12 more 2025-04-12 5.6 Medium
Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2015-7557 1 Gnome 1 Librsvg 2025-04-12 N/A
The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elements in a coordinate pair in an SVG document.
CVE-2015-7941 3 Canonical, Redhat, Xmlsoft 4 Ubuntu Linux, Enterprise Linux, Jboss Enterprise Web Server and 1 more 2025-04-12 N/A
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities.
CVE-2015-7942 6 Apple, Canonical, Debian and 3 more 11 Iphone Os, Mac Os X, Tvos and 8 more 2025-04-12 N/A
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941.
CVE-2015-8019 1 Linux 1 Linux Kernel 2025-04-12 N/A
The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a write system call followed by a recvmsg system call.
CVE-2015-8317 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
CVE-2015-8388 3 Oracle, Pcre, Redhat 4 Linux, Perl Compatible Regular Expression Library, Enterprise Linux and 1 more 2025-04-12 N/A
PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2015-8395 2 Pcre, Redhat 2 Perl Compatible Regular Expression Library, Rhel Software Collections 2025-04-12 N/A
PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.
CVE-2015-8729 1 Wireshark 1 Wireshark 2025-04-12 N/A
The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a date string, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted file.
CVE-2015-8731 1 Wireshark 1 Wireshark 2025-04-12 N/A
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet.