Export limit exceeded: 42196 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42196 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-11-21 | 7.5 High |
| The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | ||||
| CVE-2015-4410 | 2 Fedoraproject, Moped Project | 2 Fedora, Moped | 2024-11-21 | 7.5 High |
| The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. | ||||
| CVE-2015-4042 | 1 Gnu | 1 Coreutils | 2024-11-21 | 9.8 Critical |
| Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified other impact via long strings. | ||||
| CVE-2015-4041 | 1 Gnu | 1 Coreutils | 2024-11-21 | 7.8 High |
| The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | ||||
| CVE-2015-3166 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2024-11-21 | 9.8 Critical |
| The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | ||||
| CVE-2015-2326 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 5.5 Medium |
| The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | ||||
| CVE-2015-2325 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 7.8 High |
| The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | ||||
| CVE-2015-2099 | 1 Webgateinc | 1 Control Center | 2024-11-21 | 8.8 High |
| Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control. | ||||
| CVE-2015-2098 | 1 Webgateinc | 1 Edvr Manager | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control. | ||||
| CVE-2015-2004 | 1 Gracenote | 1 Gnsdk | 2024-11-21 | N/A |
| The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | ||||
| CVE-2015-2003 | 1 Pjsip | 1 Pjsua2 Sdk | 2024-11-21 | N/A |
| The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | ||||
| CVE-2015-2002 | 1 Esri | 1 Arcgisruntime Sdk | 2024-11-21 | N/A |
| The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | ||||
| CVE-2015-2001 | 1 Metaio | 1 Metaio Sdk | 2024-11-21 | N/A |
| The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | ||||
| CVE-2015-2000 | 1 Jumio | 1 Jumio Sdk | 2024-11-21 | N/A |
| The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | ||||
| CVE-2015-20001 | 1 Rust-lang | 1 Rust | 2024-11-21 | 7.5 High |
| In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation. | ||||
| CVE-2015-1607 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-11-21 | 5.5 Medium |
| kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." | ||||
| CVE-2015-1530 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | ||||
| CVE-2015-1290 | 3 Google, Opensuse, Qt | 3 Chrome, Leap, Qt | 2024-11-21 | N/A |
| The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. | ||||
| CVE-2015-1208 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | N/A |
| Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. | ||||
| CVE-2015-1007 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2024-11-21 | N/A |
| A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible. | ||||