Export limit exceeded: 363801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (16509 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-6493 1 Redhat 2 Enterprise Linux, Icedtea-web 2025-04-12 N/A
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a temporary socket file with a predictable name in /tmp.
CVE-2016-6664 4 Mariadb, Oracle, Percona and 1 more 6 Mariadb, Mysql, Percona Server and 3 more 2025-04-12 7.0 High
mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files.
CVE-2016-5272 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2016-1836 6 Apple, Canonical, Debian and 3 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
Use-after-free vulnerability in the xmlDictComputeFastKey function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-1837 6 Apple, Canonical, Debian and 3 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
Multiple use-after-free vulnerabilities in the (1) htmlPArsePubidLiteral and (2) htmlParseSystemiteral functions in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allow remote attackers to cause a denial of service via a crafted XML document.
CVE-2016-6515 3 Fedoraproject, Openbsd, Redhat 3 Fedora, Openssh, Enterprise Linux 2025-04-12 N/A
The auth_password function in auth-passwd.c in sshd in OpenSSH before 7.3 does not limit password lengths for password authentication, which allows remote attackers to cause a denial of service (crypt CPU consumption) via a long string.
CVE-2016-6480 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt 2025-04-12 N/A
Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.
CVE-2016-5278 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
CVE-2016-1838 6 Apple, Canonical, Debian and 3 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1839 6 Apple, Canonical, Debian and 3 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
The xmlDictAddString function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.
CVE-2016-1840 6 Apple, Canonical, Debian and 3 more 16 Iphone Os, Mac Os X, Tvos and 13 more 2025-04-12 N/A
Heap-based buffer overflow in the xmlFAParsePosCharGroup function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.
CVE-2016-1683 7 Canonical, Debian, Google and 4 more 11 Ubuntu Linux, Debian Linux, Chrome and 8 more 2025-04-12 N/A
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
CVE-2016-2857 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 8.4 High
The net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
CVE-2016-5636 2 Python, Redhat 2 Python, Enterprise Linux 2025-04-12 N/A
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
CVE-2016-5844 3 Libarchive, Oracle, Redhat 11 Libarchive, Linux, Solaris and 8 more 2025-04-12 N/A
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.
CVE-2016-6302 3 Openssl, Oracle, Redhat 5 Openssl, Linux, Solaris and 2 more 2025-04-12 N/A
The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before 1.1.0 does not consider the HMAC size during validation of the ticket length, which allows remote attackers to cause a denial of service via a ticket that is too short.
CVE-2014-4038 3 Ppc64-diag Project, Redhat, Suse 4 Ppc64-diag, Enterprise Linux, Enterprise Linux Server and 1 more 2025-04-12 N/A
ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a symlink attack related to (1) rtas_errd/diag_support.c and /tmp/get_dt_files, (2) scripts/ppc64_diag_mkrsrc and /tmp/diagSEsnap/snapH.tar.gz, or (3) lpd/test/lpd_ela_test.sh and /var/tmp/ras.
CVE-2016-2847 3 Linux, Novell, Redhat 12 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 9 more 2025-04-12 N/A
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.
CVE-2016-2842 2 Openssl, Redhat 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more 2025-04-12 N/A
The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not verify that a certain memory allocation succeeds, which allows remote attackers to cause a denial of service (out-of-bounds write or memory consumption) or possibly have unspecified other impact via a long string, as demonstrated by a large amount of ASN.1 data, a different vulnerability than CVE-2016-0799.
CVE-2016-2838 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the nsBidi::BracketData::AddOpening function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via directional content in an SVG document.