Search Results (83 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4300 2 Libarchive, Redhat 9 Libarchive, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.
CVE-2016-4470 4 Linux, Novell, Oracle and 1 more 17 Linux Kernel, Suse Linux Enterprise Real Time Extension, Linux and 14 more 2025-04-12 N/A
The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command.
CVE-2014-9658 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 N/A
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.
CVE-2014-9661 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2025-04-12 N/A
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted Type42 font.
CVE-2014-9667 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2025-04-12 N/A
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted SFNT table.
CVE-2014-9669 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 N/A
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
CVE-2014-9670 7 Canonical, Debian, Fedoraproject and 4 more 13 Ubuntu Linux, Debian Linux, Fedora and 10 more 2025-04-12 N/A
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.
CVE-2014-9673 5 Canonical, Debian, Freetype and 2 more 11 Ubuntu Linux, Debian Linux, Freetype and 8 more 2025-04-12 N/A
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
CVE-2014-9674 6 Canonical, Fedoraproject, Freetype and 3 more 12 Ubuntu Linux, Fedora, Freetype and 9 more 2025-04-12 N/A
The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.
CVE-2014-9675 6 Canonical, Debian, Fedoraproject and 3 more 12 Ubuntu Linux, Debian Linux, Fedora and 9 more 2025-04-12 N/A
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
CVE-2015-1863 5 Canonical, Debian, Opensuse and 2 more 11 Ubuntu Linux, Debian Linux, Opensuse and 8 more 2025-04-12 N/A
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries.
CVE-2015-2348 4 Apple, Opensuse, Php and 1 more 11 Mac Os X, Opensuse, Php and 8 more 2025-04-12 N/A
The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-7547 10 Canonical, Debian, F5 and 7 more 34 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 31 more 2025-04-12 N/A
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
CVE-2015-3329 4 Apple, Oracle, Php and 1 more 12 Mac Os X, Linux, Solaris and 9 more 2025-04-12 N/A
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.
CVE-2015-3330 4 Apple, Oracle, Php and 1 more 12 Mac Os X, Linux, Solaris and 9 more 2025-04-12 N/A
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter."
CVE-2015-3411 2 Php, Redhat 9 Php, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
CVE-2015-4021 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial of service (integer underflow and memory corruption) via a crafted entry in a tar archive.
CVE-2015-4024 5 Apple, Hp, Oracle and 2 more 13 Mac Os X, System Management Homepage, Linux and 10 more 2025-04-12 N/A
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome.
CVE-2015-4026 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with unexpected names via a crafted first argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
CVE-2015-4148 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.