Total
1222 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7804 | 2 Apple, Php | 2 Mac Os X, Php | 2024-11-21 | 6.8 MEDIUM | N/A |
| Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. | |||||
| CVE-2015-7674 | 3 Canonical, Gnome, Opensuse | 3 Ubuntu Linux, Gdk-pixbuf, Opensuse | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted GIF image file, which triggers a heap-based buffer overflow. | |||||
| CVE-2015-7222 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect memory allocation and application crash) via an MP4 video file with crafted covr metadata that triggers a buffer overflow. | |||||
| CVE-2015-7219 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise frame that triggers decompressed-buffer length miscalculation and incorrect memory allocation. | |||||
| CVE-2015-7218 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | N/A |
| The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header frame that triggers incorrect memory allocation. | |||||
| CVE-2015-7213 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote attackers to execute arbitrary code via a crafted MP4 video file that triggers a buffer overflow. | |||||
| CVE-2015-7212 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
| Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering a graphics operation that requires a large texture allocation. | |||||
| CVE-2015-7205 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 10.0 HIGH | N/A |
| Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a crafted WebRTC RTP packet. | |||||
| CVE-2015-7183 | 1 Mozilla | 2 Firefox, Network Security Services | 2024-11-21 | 7.5 HIGH | N/A |
| Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||||
| CVE-2015-6819 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted MJPEG data. | |||||
| CVE-2015-6781 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted offset or length value within font data in an SFNT container. | |||||
| CVE-2015-6575 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | N/A |
| SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted atoms in MP4 data, aka internal bug 20139950, a different vulnerability than CVE-2015-1538. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-7915, CVE-2014-7916, and/or CVE-2014-7917. | |||||
| CVE-2015-6525 | 2 Debian, Libevent Project | 2 Debian Linux, Libevent | 2024-11-21 | 7.5 HIGH | N/A |
| Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspecified impact via "insanely large inputs" to the (1) evbuffer_add, (2) evbuffer_prepend, (3) evbuffer_expand, (4) exbuffer_reserve_space, or (5) evbuffer_read function, which triggers a heap-based buffer overflow or an infinite loop. NOTE: this identifier was SPLIT from CVE-2014-6272 per ADT3 due to different affected versions. | |||||
| CVE-2015-6130 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2024-11-21 | 9.3 HIGH | N/A |
| Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerability." | |||||
| CVE-2015-5962 | 1 Mozilla | 1 Firefox Os | 2024-11-21 | 5.0 MEDIUM | N/A |
| Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. | |||||
| CVE-2015-5560 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2024-11-21 | 10.0 HIGH | N/A |
| Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-5479 | 3 Libav, Opensuse, Ubuntu | 3 Libav, Leap, Ubuntu | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. | |||||
| CVE-2015-5309 | 2 Opensuse, Simon Tatham | 3 Leap, Opensuse, Putty | 2024-11-21 | 4.3 MEDIUM | N/A |
| Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow. | |||||
| CVE-2015-5259 | 1 Apache | 1 Subversion | 2024-11-21 | 9.0 HIGH | 8.6 HIGH |
| Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which triggers a heap-based buffer overflow and an out-of-bounds read. | |||||
| CVE-2015-5213 | 4 Apache, Canonical, Debian and 1 more | 4 Openoffice, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
| Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow. | |||||