Search Results (3823 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-7185 3 Apple, Python, Redhat 4 Mac Os X, Python, Enterprise Linux and 1 more 2025-04-12 N/A
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVE-2014-4656 4 Canonical, Linux, Redhat and 1 more 11 Ubuntu Linux, Linux Kernel, Enterprise Linux and 8 more 2025-04-12 N/A
Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel before 3.15.2 allow local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function.
CVE-2014-8118 2 Redhat, Rpm 2 Enterprise Linux, Rpm 2025-04-12 N/A
Integer overflow in RPM 4.12 and earlier allows remote attackers to execute arbitrary code via a crafted CPIO header in the payload section of an RPM file, which triggers a stack-based buffer overflow.
CVE-2015-8605 4 Canonical, Debian, Isc and 1 more 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more 2025-04-12 N/A
ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet.
CVE-2014-4608 5 Canonical, Linux, Opensuse and 2 more 7 Ubuntu Linux, Linux Kernel, Opensuse and 4 more 2025-04-12 7.3 High
Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media hype.
CVE-2014-3587 3 Christos Zoulas, Php, Redhat 4 File, Php, Enterprise Linux and 1 more 2025-04-12 N/A
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1571.
CVE-2014-3144 5 Canonical, Debian, Linux and 2 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 N/A
The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
CVE-2014-4667 5 Canonical, Debian, Linux and 2 more 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more 2025-04-12 N/A
The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.
CVE-2016-2538 1 Qemu 1 Qemu 2025-04-12 N/A
Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain sensitive host memory information via a remote NDIS control message packet that is mishandled in the (1) rndis_query_response, (2) rndis_set_response, or (3) usb_net_handle_dataout function.
CVE-2014-0569 8 Adobe, Apple, Google and 5 more 15 Air Desktop Runtime, Air Sdk, Flash Player and 12 more 2025-04-12 N/A
Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before 15.0.0.189 on Windows and OS X and before 11.2.202.411 on Linux, Adobe AIR before 15.0.0.293, Adobe AIR SDK before 15.0.0.302, and Adobe AIR SDK & Compiler before 15.0.0.302 allows attackers to execute arbitrary code via unspecified vectors.
CVE-2016-7163 4 Debian, Fedoraproject, Redhat and 1 more 10 Debian Linux, Fedora, Enterprise Linux and 7 more 2025-04-12 7.8 High
Integer overflow in the opj_pi_create_decode function in pi.c in OpenJPEG allows remote attackers to execute arbitrary code via a crafted JP2 file, which triggers an out-of-bounds read or write.
CVE-2014-9766 2 Canonical, Pixman 2 Ubuntu Linux, Pixman 2025-04-12 N/A
Integer overflow in the create_bits function in pixman-bits-image.c in Pixman before 0.32.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via large height and stride values.
CVE-2016-7944 2 Fedoraproject, X.org 2 Fedora, Libxfixes 2025-04-12 N/A
Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms might allow remote X servers to gain privileges via a length value of INT_MAX, which triggers the client to stop reading data and get out of sync.
CVE-2016-4345 1 Php 1 Php 2025-04-12 9.8 Critical
Integer overflow in the php_filter_encode_url function in ext/filter/sanitizing_filters.c in PHP before 7.0.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long string, leading to a heap-based buffer overflow.
CVE-2014-0064 2 Postgresql, Redhat 4 Postgresql, Cloudforms Managementengine, Enterprise Linux and 1 more 2025-04-12 N/A
Multiple integer overflows in the path_in and other unspecified functions in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to have unspecified impact and attack vectors, which trigger a buffer overflow. NOTE: this identifier has been SPLIT due to different affected versions; use CVE-2014-2669 for the hstore vector.
CVE-2014-4611 1 Linux 1 Linux Kernel 2025-04-12 N/A
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
CVE-2016-7945 2 Fedoraproject, X.org 2 Fedora, Libxi 2025-04-12 N/A
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.
CVE-2016-7947 2 Fedoraproject, X.org 2 Fedora, Libxrandr 2025-04-12 N/A
Multiple integer overflows in X.org libXrandr before 1.5.1 allow remote X servers to trigger out-of-bounds write operations via a crafted response.
CVE-2016-5769 1 Php 1 Php 2025-04-12 N/A
Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted length value, related to the (1) mcrypt_generic and (2) mdecrypt_generic functions.
CVE-2016-5139 2 Google, Redhat 3 Chrome, Enterprise Linux, Rhel Extras 2025-04-12 N/A
Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted JPEG 2000 data.