Search Results (2030 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1688 6 Canonical, Debian, Google and 3 more 11 Ubuntu Linux, Debian Linux, Chrome and 8 more 2025-04-12 N/A
The regexp (aka regular expression) implementation in Google V8 before 5.0.71.40, as used in Google Chrome before 51.0.2704.63, mishandles external string sizes, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted JavaScript code.
CVE-2015-2783 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value in conjunction with crafted serialized data in a phar archive, related to the phar_parse_metadata and phar_parse_pharfile functions.
CVE-2016-7861 6 Adobe, Apple, Google and 3 more 15 Flash Player, Flash Player For Linux, Mac Os X and 12 more 2025-04-12 N/A
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2015-3039 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358.
CVE-2016-2105 8 Apple, Canonical, Debian and 5 more 20 Mac Os X, Ubuntu Linux, Debian Linux and 17 more 2025-04-12 7.5 High
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
CVE-2015-8391 5 Fedoraproject, Oracle, Pcre and 2 more 12 Fedora, Linux, Pcre and 9 more 2025-04-12 9.8 Critical
The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.
CVE-2016-1682 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
CVE-2015-0248 5 Apache, Apple, Opensuse and 2 more 10 Subversion, Xcode, Opensuse and 7 more 2025-04-12 N/A
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
CVE-2016-1840 6 Apple, Canonical, Debian and 3 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVE-2016-1662 3 Google, Opensuse, Redhat 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors.
CVE-2015-8317 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
CVE-2015-1243 4 Canonical, Debian, Google and 1 more 8 Ubuntu Linux, Debian Linux, Chrome and 5 more 2025-04-12 N/A
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered.
CVE-2015-0348 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors.
CVE-2015-0349 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039.
CVE-2015-7500 6 Apple, Canonical, Debian and 3 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2025-04-12 N/A
The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect entities boundaries and start tags.
CVE-2015-7497 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors.
CVE-2015-0354 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043.
CVE-2015-3040 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357.
CVE-2014-2430 3 Mariadb, Oracle, Redhat 11 Mariadb, Mysql, Solaris and 8 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier and 5.6.16 and earlier allows remote authenticated users to affect availability via unknown vectors related to Performance Schema.
CVE-2015-5312 6 Apple, Canonical, Debian and 3 more 15 Iphone Os, Mac Os X, Tvos and 12 more 2025-04-12 N/A
The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data, a different vulnerability than CVE-2014-3660.