Export limit exceeded: 10202 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10202 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5177 5 Debian, Fedoraproject, Google and 2 more 8 Debian Linux, Fedora, Chrome and 5 more 2025-04-20 N/A
Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact via unknown vectors.
CVE-2016-5018 6 Apache, Canonical, Debian and 3 more 16 Tomcat, Ubuntu Linux, Debian Linux and 13 more 2025-04-20 9.1 Critical
In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 a malicious web application was able to bypass a configured SecurityManager via a Tomcat utility method that was accessible to web applications.
CVE-2016-4571 2 Debian, Mini-xml Project 2 Debian Linux, Mini-xml 2025-04-20 5.5 Medium
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2016-4570 2 Debian, Mini-xml Project 2 Debian Linux, Mini-xml 2025-04-20 5.5 Medium
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
CVE-2016-4483 4 Debian, Oracle, Redhat and 1 more 4 Debian Linux, Solaris, Jboss Core Services and 1 more 2025-04-20 7.5 High
The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.
CVE-2016-4000 2 Debian, Jython Project 2 Debian Linux, Jython 2025-04-20 N/A
Jython before 2.7.1rc1 allows attackers to execute arbitrary code via a crafted serialized PyFunction object.
CVE-2017-11409 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-20 N/A
In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a large loop. This was addressed in epan/dissectors/packet-gprs-llc.c by using a different integer data type.
CVE-2016-3616 4 Canonical, Debian, Libjpeg-turbo and 1 more 4 Ubuntu Linux, Debian Linux, Libjpeg-turbo and 1 more 2025-04-20 N/A
The cjpeg utility in libjpeg allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or execute arbitrary code via a crafted file.
CVE-2017-11424 2 Debian, Pyjwt Project 2 Debian Linux, Pyjwt 2025-04-20 N/A
In PyJWT 1.5.0 and below the `invalid_strings` check in `HMACAlgorithm.prepare_key` does not account for all PEM encoded public keys. Specifically, the PKCS1 PEM encoded format would be allowed because it is prefaced with the string `-----BEGIN RSA PUBLIC KEY-----` which is not accounted for. This enables symmetric/asymmetric key confusion attacks against users using the PKCS1 PEM encoded public keys, which would allow an attacker to craft JWTs from scratch.
CVE-2016-2380 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent to the server could potentially result in an out-of-bounds read. A user could be convinced to enter a particular string which would then get converted incorrectly and could lead to a potential out-of-bounds read.
CVE-2016-2378 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A buffer overflow vulnerability exists in the handling of the MXIT protocol Pidgin. Specially crafted data sent via the server could potentially result in a buffer overflow, potentially resulting in memory corruption. A malicious server or an unfiltered malicious user can send negative length values to trigger this vulnerability.
CVE-2016-2376 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A buffer overflow vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in arbitrary code execution. A malicious server or an attacker who intercepts the network traffic can send an invalid size for a packet which will trigger a buffer overflow.
CVE-2016-2375 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
An exploitable out-of-bounds read exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT contact information sent from the server can result in memory disclosure.
CVE-2016-2374 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
An exploitable memory corruption vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT MultiMX message sent via the server can result in an out-of-bounds write leading to memory disclosure and code execution.
CVE-2016-2373 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an out-of-bounds read. A malicious server or user can send an invalid mood to trigger this vulnerability.
CVE-2016-2370 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A denial of service vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent from the server could potentially result in an out-of-bounds read. A malicious server or man-in-the-middle attacker can send invalid data to trigger this vulnerability.
CVE-2016-2369 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
A NULL pointer dereference vulnerability exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in a denial of service vulnerability. A malicious server can send a packet starting with a NULL byte triggering the vulnerability.
CVE-2016-2368 3 Canonical, Debian, Pidgin 3 Ubuntu Linux, Debian Linux, Pidgin 2025-04-20 N/A
Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure.
CVE-2016-2347 3 Debian, Lhasa Project, Opensuse 4 Debian Linux, Lhasa, Leap and 1 more 2025-04-20 N/A
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
CVE-2016-2318 4 Debian, Graphicsmagick, Opensuse and 1 more 7 Debian Linux, Graphicsmagick, Leap and 4 more 2025-04-20 N/A
GraphicsMagick 1.3.23 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted SVG file, related to the (1) DrawImage function in magick/render.c, (2) SVGStartElement function in coders/svg.c, and (3) TraceArcPath function in magick/render.c.