Total
1910 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-9897 | 3 Debian, Mozilla, Redhat | 6 Debian Linux, Firefox, Firefox Esr and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Memory corruption resulting in a potentially exploitable crash during WebGL functions using a vector constructor with a varying array within libGLES. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
| CVE-2016-9895 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Event handlers on "marquee" elements were executed despite a strict Content Security Policy (CSP) that disallowed inline JavaScript. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
| CVE-2016-9893 | 3 Debian, Mozilla, Redhat | 10 Debian Linux, Firefox, Firefox Esr and 7 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Memory safety bugs were reported in Thunderbird 45.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.1, Firefox ESR < 45.6, and Thunderbird < 45.6. | |||||
| CVE-2016-9843 | 10 Apple, Canonical, Debian and 7 more | 24 Iphone Os, Mac Os X, Tvos and 21 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. | |||||
| CVE-2016-9842 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | |||||
| CVE-2016-9841 | 9 Apple, Canonical, Debian and 6 more | 39 Iphone Os, Mac Os X, Tvos and 36 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
| CVE-2016-9840 | 8 Apple, Canonical, Debian and 5 more | 19 Iphone Os, Mac Os X, Tvos and 16 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic. | |||||
| CVE-2016-9811 | 4 Debian, Fedoraproject, Gstreamer and 1 more | 9 Debian Linux, Fedora, Gstreamer and 6 more | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file. | |||||
| CVE-2016-9651 | 2 Google, Redhat | 4 Chrome, Enterprise Linux Desktop, Enterprise Linux Server and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A missing check for whether a property of a JS object is private in V8 in Google Chrome prior to 55.0.2883.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. | |||||
| CVE-2016-9636 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer. | |||||
| CVE-2016-9635 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer. | |||||
| CVE-2016-9634 | 3 Debian, Gstreamer, Redhat | 6 Debian Linux, Gstreamer, Enterprise Linux Desktop and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter. | |||||
| CVE-2016-9603 | 4 Citrix, Debian, Qemu and 1 more | 9 Xenserver, Debian Linux, Qemu and 6 more | 2024-11-21 | 9.0 HIGH | 5.5 MEDIUM |
| A heap buffer overflow flaw was found in QEMU's Cirrus CLGD 54xx VGA emulator's VNC display driver support before 2.9; the issue could occur when a VNC client attempted to update its display after a VGA operation is performed by a guest. A privileged user/process inside a guest could use this flaw to crash the QEMU process or, potentially, execute arbitrary code on the host with privileges of the QEMU process. | |||||
| CVE-2016-9600 | 3 Canonical, Jasper Project, Redhat | 8 Ubuntu Linux, Jasper, Enterprise Linux Desktop and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| JasPer before version 2.0.10 is vulnerable to a null pointer dereference was found in the decoded creation of JPEG 2000 image files. A specially crafted file could cause an application using JasPer to crash. | |||||
| CVE-2016-9591 | 3 Debian, Jasper Project, Redhat | 6 Debian Linux, Jasper, Enterprise Linux Desktop and 3 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| JasPer before version 2.0.12 is vulnerable to a use-after-free in the way it decodes certain JPEG 2000 image files resulting in a crash on the application using JasPer. | |||||
| CVE-2016-9583 | 3 Jasper Project, Oracle, Redhat | 8 Jasper, Outside In Technology, Enterprise Linux Desktop and 5 more | 2024-11-21 | 6.8 MEDIUM | 5.5 MEDIUM |
| An out-of-bounds heap read vulnerability was found in the jpc_pi_nextpcrl() function of jasper before 2.0.6 when processing crafted input. | |||||
| CVE-2016-9579 | 2 Canonical, Redhat | 8 Ubuntu Linux, Ceph Storage, Ceph Storage Mon and 5 more | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| A flaw was found in the way Ceph Object Gateway would process cross-origin HTTP requests if the CORS policy was set to allow origin on a bucket. A remote unauthenticated attacker could use this flaw to cause denial of service by sending a specially-crafted cross-origin HTTP request. Ceph branches 1.3.x and 2.x are affected. | |||||
| CVE-2016-9578 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An attacker able to connect to the SPICE server could send crafted messages which would cause the process to crash. | |||||
| CVE-2016-9577 | 3 Debian, Redhat, Spice Project | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in SPICE before 0.13.90 in the server's protocol handling. An authenticated attacker could send crafted messages to the SPICE server causing a heap overflow leading to a crash or possible code execution. | |||||
| CVE-2016-9573 | 3 Debian, Redhat, Uclouvain | 7 Debian Linux, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 5.8 MEDIUM | 6.5 MEDIUM |
| An out-of-bounds read vulnerability was found in OpenJPEG 2.1.2, in the j2k_to_image tool. Converting a specially crafted JPEG2000 file to another format could cause the application to crash or, potentially, disclose some data from the heap. | |||||