Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2337 1 Ruby-lang 1 Ruby 2025-04-20 N/A
Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Attacker passing different type of object than String as "retval" argument can cause arbitrary code execution.
CVE-2017-2383 1 Apple 2 Icloud, Itunes 2025-04-20 N/A
An issue was discovered in certain Apple products. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. The issue involves cleartext client-certificate transmission in the "APNs Server" component. It allows man-in-the-middle attackers to track users via correlation with this certificate.
CVE-2016-9396 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through 2.0.12 allows remote attackers to cause a denial of service (JPC_COX_RFT assertion failure) via unspecified vectors.
CVE-2016-9392 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9389 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before 1.900.14 allow remote attackers to cause a denial of service (assertion failure).
CVE-2016-6873 1 Facebook 1 Hhvm 2025-04-20 N/A
Self recursion in compact in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2016-9391 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 allows remote attackers to cause a denial of service (assertion failure) via a very large integer.
CVE-2016-8779 1 Huawei 1 Fusionaccess 2025-04-20 N/A
Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow remote attackers with specific permission to inject a Lightweight Directory Access Protocol (LDAP) operation command into a specific input variable to obtain sensitive information from the database.
CVE-2016-6875 1 Facebook 1 Hhvm 2025-04-20 N/A
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors.
CVE-2017-7273 1 Linux 1 Linux Kernel 2025-04-20 N/A
The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux kernel 3.2 and 4.x before 4.9.4 allows physically proximate attackers to cause a denial of service (integer underflow) or possibly have unspecified other impact via a crafted HID report.
CVE-2014-9804 1 Imagemagick 1 Imagemagick 2025-04-20 7.5 High
vision.c in ImageMagick allows remote attackers to cause a denial of service (infinite loop) via vectors related to "too many object."
CVE-2016-9393 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-6874 1 Facebook 1 Hhvm 2025-04-20 N/A
The array_*_recursive functions in Facebook HHVM before 3.15.0 allows attackers to have unspecified impact via unknown vectors, related to recursion.
CVE-2016-9471 1 Revive-adserver 1 Revive Adserver 2025-04-20 N/A
Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element Injection. Usernames weren't properly sanitised when creating users on a Revive Adserver instance. Especially, control characters were not filtered, allowing apparently identical usernames to co-exist in the system, due to the fact that such characters are normally ignored when an HTML page is displayed in a browser. The issue could have therefore been exploited for user spoofing, although elevated privileges are required to create users within Revive Adserver.
CVE-2015-8896 3 Imagemagick, Oracle, Redhat 9 Imagemagick, Linux, Enterprise Linux and 6 more 2025-04-20 6.5 Medium
Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file.
CVE-2015-8158 2 Ntp, Redhat 2 Ntp, Enterprise Linux 2025-04-20 N/A
The getresponse function in ntpq in NTP versions before 4.2.8p9 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (infinite loop) via crafted packets with incorrect values.
CVE-2017-2415 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-20 N/A
An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code by leveraging an unspecified "type confusion."
CVE-2015-7825 1 Botan Project 1 Botan 2025-04-20 N/A
botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain.
CVE-2016-7478 1 Php 1 Php 2025-04-20 N/A
Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop) via a crafted Exception object in serialized data, a related issue to CVE-2015-8876.
CVE-2022-23523 1 Linux-loader Project 1 Linux-loader 2025-04-18 4 Medium
In versions prior to 0.8.1, the linux-loader crate uses the offsets and sizes provided in the ELF headers to determine the offsets to read from. If those offsets point beyond the end of the file this could lead to Virtual Machine Monitors using the `linux-loader` crate entering an infinite loop if the ELF header of the kernel they are loading was modified in a malicious manner. This issue has been addressed in 0.8.1. The issue can be mitigated by ensuring that only trusted kernel images are loaded or by verifying that the headers do not point beyond the end of the file.