Search Results (1931 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-8687 2 Libarchive, Opensuse 2 Libarchive, Leap 2025-04-20 N/A
Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.
CVE-2016-10068 3 Imagemagick, Opensuse, Opensuse Project 3 Imagemagick, Leap, Leap 2025-04-20 N/A
The MSL interpreter in ImageMagick before 6.9.6-4 allows remote attackers to cause a denial of service (segmentation fault and application crash) via a crafted XML file.
CVE-2016-7448 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Leap and 1 more 2025-04-20 N/A
The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote attackers to cause a denial of service (CPU consumption or large memory allocations) via vectors involving the header information and the file size.
CVE-2017-6318 2 Opensuse, Sane-backends Project 2 Leap, Sane-backends 2025-04-20 N/A
saned in sane-backends 1.0.25 allows remote attackers to obtain sensitive memory information via a crafted SANE_NET_CONTROL_OPTION packet.
CVE-2014-9850 4 Canonical, Imagemagick, Opensuse and 1 more 8 Ubuntu Linux, Imagemagick, Opensuse and 5 more 2025-04-20 N/A
Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption).
CVE-2016-1692 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVE-2016-5420 4 Debian, Haxx, Opensuse and 1 more 6 Debian Linux, Libcurl, Leap and 3 more 2025-04-12 N/A
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.
CVE-2016-1691 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
Skia, as used in Google Chrome before 51.0.2704.63, mishandles coincidence runs, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted curves, related to SkOpCoincidence.cpp and SkPathOpsCommon.cpp.
CVE-2016-1689 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
Heap-based buffer overflow in content/renderer/media/canvas_capture_handler.cc in Google Chrome before 51.0.2704.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site.
CVE-2016-1947 3 Canonical, Mozilla, Opensuse 4 Ubuntu Linux, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox 43.x mishandles attempts to connect to the Application Reputation service, which makes it easier for remote attackers to trigger an unintended download by leveraging the absence of reputation data.
CVE-2016-1687 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
The renderer implementation in Google Chrome before 51.0.2704.63 does not properly restrict public exposure of classes, which allows remote attackers to obtain sensitive information via vectors related to extensions.
CVE-2016-1686 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
The CPDF_DIBSource::CreateDecoder function in core/fpdfapi/fpdf_render/fpdf_render_loadimage.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, mishandles decoder-initialization failure, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
CVE-2016-5387 8 Apache, Canonical, Debian and 5 more 22 Http Server, Ubuntu Linux, Debian Linux and 19 more 2025-04-12 8.1 High
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.
CVE-2016-1685 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before 51.0.2704.63, miscalculates certain index values, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document.
CVE-2016-1683 7 Canonical, Debian, Google and 4 more 11 Ubuntu Linux, Debian Linux, Chrome and 8 more 2025-04-12 N/A
numbers.c in libxslt before 1.1.29, as used in Google Chrome before 51.0.2704.63, mishandles namespace nodes, which allows remote attackers to cause a denial of service (out-of-bounds heap memory access) or possibly have unspecified other impact via a crafted document.
CVE-2016-5385 8 Debian, Drupal, Fedoraproject and 5 more 16 Debian Linux, Drupal, Fedora and 13 more 2025-04-12 8.1 High
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.
CVE-2016-0605 3 Opensuse, Oracle, Redhat 5 Leap, Opensuse, Mysql and 2 more 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.
CVE-2016-4478 3 Atheme, Debian, Opensuse 4 Atheme, Debian Linux, Leap and 1 more 2025-04-12 N/A
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVE-2016-5301 2 Arvidn, Opensuse 3 Libtorrent, Leap, Opensuse 2025-04-12 N/A
The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial of service (crash) via a crafted (1) HTTP response or possibly a (2) UPnP broadcast.
CVE-2016-1681 5 Debian, Google, Opensuse and 2 more 9 Debian Linux, Chrome, Leap and 6 more 2025-04-12 N/A
Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.