Export limit exceeded: 15971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (15971 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2794 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2796 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2797 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2801.
CVE-2016-2798 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::GlyphCache::Loader::Loader function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2799 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
Heap-based buffer overflow in the graphite2::Slot::setAttr function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Graphite smart font.
CVE-2016-2804 1 Mozilla 1 Firefox 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2805 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR 38.x before 38.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2801 6 Mozilla, Opensuse, Oracle and 3 more 7 Firefox, Leap, Opensuse and 4 more 2025-04-12 N/A
The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted Graphite smart font, a different vulnerability than CVE-2016-2797.
CVE-2016-2806 5 Debian, Mozilla, Opensuse and 2 more 6 Debian Linux, Firefox, Leap and 3 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2807 4 Mozilla, Opensuse, Redhat and 1 more 5 Firefox, Leap, Opensuse and 2 more 2025-04-12 N/A
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
CVE-2016-2808 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The watch implementation in the JavaScript engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code or cause a denial of service (generation-count overflow, out-of-bounds HashMap write access, and application crash) via a crafted web site.
CVE-2016-2814 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Heap-based buffer overflow in the stagefright::SampleTable::parseSampleCencInfo function in libstagefright in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allows remote attackers to execute arbitrary code via crafted CENC offsets that lead to mismanagement of the sizes table.
CVE-2016-2824 3 Microsoft, Mozilla, Opensuse 4 Windows, Firefox, Leap and 1 more 2025-04-12 N/A
The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact by triggering use of a WebGL shader that writes to an array.
CVE-2016-3134 3 Linux, Novell, Redhat 12 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 9 more 2025-04-12 N/A
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
CVE-2016-3141 3 Apple, Php, Redhat 3 Mac Os X, Php, Rhel Software Collections 2025-04-12 N/A
Use-after-free vulnerability in wddx.c in the WDDX extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact by triggering a wddx_deserialize call on XML data containing a crafted var element.
CVE-2016-3142 3 Apple, Php, Redhat 3 Mac Os X, Php, Rhel Software Collections 2025-04-12 N/A
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
CVE-2016-3186 3 Libtiff, Opensuse, Redhat 3 Libtiff, Opensuse, Enterprise Linux 2025-04-12 N/A
Buffer overflow in the readextension function in gif2tiff.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (application crash) via a crafted GIF file.
CVE-2016-3190 3 Cairographics, Opensuse, Redhat 3 Cairo, Opensuse, Enterprise Linux 2025-04-12 N/A
The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a negative span length.
CVE-2016-3191 2 Pcre, Redhat 4 Pcre, Pcre2, Enterprise Linux and 1 more 2025-04-12 N/A
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
CVE-2016-3199 1 Microsoft 1 Edge 2025-04-12 N/A
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3214.