Search Results (4282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-2373 1 Microsoft 3 Windows 7, Windows 8, Windows Server 2012 2025-04-12 N/A
The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."
CVE-2015-2519 1 Microsoft 9 Windows 10, Windows 7, Windows 8 and 6 more 2025-04-12 N/A
Integer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal Integer Overflow RCE Vulnerability."
CVE-2016-5841 2 Imagemagick, Oracle 2 Imagemagick, Solaris 2025-04-12 N/A
Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.
CVE-2015-0469 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
CVE-2016-2105 8 Apple, Canonical, Debian and 5 more 20 Mac Os X, Ubuntu Linux, Debian Linux and 17 more 2025-04-12 7.5 High
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2015-8605 4 Canonical, Debian, Isc and 1 more 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more 2025-04-12 N/A
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
CVE-2015-1593 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Enterprise Mrg and 1 more 2025-04-12 N/A
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c.
CVE-2015-7575 4 Canonical, Mozilla, Opensuse and 1 more 9 Ubuntu Linux, Firefox, Network Security Services and 6 more 2025-04-12 N/A
Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision.
CVE-2015-4141 2 Opensuse, W1.fi 3 Opensuse, Hostapd, Wpa Supplicant 2025-04-12 N/A
The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a negative chunk length, which triggers an out-of-bounds read or heap-based buffer overflow.
CVE-2016-3982 4 Canonical, Debian, Opensuse and 1 more 5 Ubuntu Linux, Debian Linux, Leap and 2 more 2025-04-12 N/A
Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.
CVE-2016-8660 1 Linux 1 Linux Kernel 2025-04-12 N/A
The XFS subsystem in the Linux kernel through 4.8.2 allows local users to cause a denial of service (fdatasync failure and system hang) by using the vfs syscall group in the trinity program, related to a "page lock order bug in the XFS seek hole/data implementation."
CVE-2016-7568 3 Debian, Libgd, Php 3 Debian Linux, Libgd, Php 2025-04-12 N/A
Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD Graphics Library (aka libgd) through 2.2.3, as used in PHP through 7.0.11, allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted imagewebp and imagedestroy calls.
CVE-2015-3144 4 Canonical, Debian, Haxx and 1 more 5 Ubuntu Linux, Debian Linux, Curl and 2 more 2025-04-12 N/A
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
CVE-2015-3145 8 Apple, Canonical, Debian and 5 more 9 Mac Os X, Ubuntu Linux, Debian Linux and 6 more 2025-04-12 N/A
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
CVE-2015-2632 2 Oracle, Redhat 6 Jdk, Jre, Enterprise Linux and 3 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
CVE-2016-7274 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-12 N/A
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
CVE-2016-7272 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2025-04-12 N/A
The Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Remote Code Execution Vulnerability."
CVE-2015-8078 2 Cyrus, Opensuse 3 Imap, Leap, Opensuse 2025-04-12 N/A
Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks and the section_offset variable. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8076.
CVE-2015-2189 6 Debian, Mageia, Opensuse and 3 more 7 Debian Linux, Mageia, Opensuse and 4 more 2025-04-12 N/A
Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.
CVE-2016-2538 1 Qemu 1 Qemu 2025-04-12 N/A
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.