| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors. |
| Heap-based buffer overflow in the StartEpa method in the nsepacom ActiveX control (nsepa.exe) in Citrix Access Gateway Enterprise Edition Plug-in for Windows 9.x before 9.3-57.5 and 10.0 before 10.0-69.4 allows remote attackers to execute arbitrary code via a long CSEC HTTP response header. |
| Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130. |
| Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113. |
| Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream during keychain recovery. |
| CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
| IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. |
| Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. |
| The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted H.264 data. |
| The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JPEG 2000 data. |
| The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted .mov file. |
| The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. |
| tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. |
| The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. |
| libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML document, a different vulnerability than CVE-2015-7115. |
| Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092. |
| The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors. |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114. |
