Search Results (46094 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-1854 2 Apple, Webkitgtk 4 Iphone Os, Safari, Tvos and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1855, CVE-2016-1856, and CVE-2016-1857.
CVE-2016-1855 1 Apple 3 Iphone Os, Safari, Tvos 2025-04-12 N/A
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-1854, CVE-2016-1856, and CVE-2016-1857.
CVE-2016-1859 2 Apple, Webkitgtk 4 Iphone Os, Safari, Tvos and 1 more 2025-04-12 N/A
The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
CVE-2016-1861 1 Apple 1 Mac Os X 2025-04-12 N/A
The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2016-1846.
CVE-2016-1867 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-12 N/A
The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1882 1 Freebsd 1 Freebsd 2025-04-12 N/A
FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow remote attackers to cause a denial of service (kernel crash) via vectors related to creating a TCP connection with the TCP_MD5SIG and TCP_NOOPT socket options.
CVE-2016-1885 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the amd64_set_ldt function in sys/amd64/amd64/sys_machdep.c in FreeBSD 9.3 before p39, 10.1 before p31, and 10.2 before p14 allows local users to cause a denial of service (kernel panic) via an i386_set_ldt system call, which triggers a heap-based buffer overflow.
CVE-2016-1886 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory overwrite and kernel crash), or gain privileges via a negative value in the flen structure member in the arg argument in a SETFKEY ioctl call, which triggers a "two way heap and stack overflow."
CVE-2014-8159 4 Canonical, Debian, Linux and 1 more 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more 2025-04-12 N/A
The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.
CVE-2016-1901 2 Cgit Project, Fedoraproject 2 Cgit, Fedora 2025-04-12 N/A
Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.
CVE-2016-1903 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-12 N/A
The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.
CVE-2016-1904 1 Php 1 Php 2025-04-12 N/A
Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.
CVE-2016-1907 1 Openbsd 1 Openssh 2025-04-12 N/A
The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.
CVE-2016-1923 1 Uclouvain 1 Openjpeg 2025-04-12 N/A
Heap-based buffer overflow in the opj_j2k_update_image_data function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2016-1924 1 Uclouvain 1 Openjpeg 2025-04-12 N/A
The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.
CVE-2014-8158 4 Debian, Jasper Project, Opensuse and 1 more 5 Debian Linux, Jasper, Opensuse and 2 more 2025-04-12 N/A
Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 and earlier allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image.
CVE-2016-1928 1 Sap 1 Hana 2025-04-12 N/A
Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.
CVE-2016-1930 4 Mozilla, Opensuse, Oracle and 1 more 5 Firefox, Leap, Opensuse and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-1931 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
CVE-2016-1933 2 Mozilla, Opensuse 3 Firefox, Leap, Opensuse 2025-04-12 N/A
Integer overflow in the image-deinterlacing functionality in Mozilla Firefox before 44.0 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted GIF image.