Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (4310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3748 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2015-7981 4 Canonical, Debian, Libpng and 1 more 13 Ubuntu Linux, Debian Linux, Libpng and 10 more 2025-04-12 N/A
The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read.
CVE-2015-3747 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2015-8025 2 Canonical, Xscreensaver Project 2 Ubuntu Linux, Xscreensaver 2025-04-12 N/A
driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors.
CVE-2015-8035 5 Apple, Canonical, Debian and 2 more 10 Iphone Os, Mac Os X, Tvos and 7 more 2025-04-12 N/A
The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML data.
CVE-2016-2510 4 Beanshell, Canonical, Debian and 1 more 8 Beanshell, Ubuntu Linux, Debian Linux and 5 more 2025-04-12 8.1 High
BeanShell (bsh) before 2.0b6, when included on the classpath by an application that uses Java serialization or XStream, allows remote attackers to execute arbitrary code via crafted serialized data, related to XThis.Handler.
CVE-2015-3745 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2015-8222 1 Canonical 1 Ubuntu Linux 2025-04-12 N/A
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors.
CVE-2015-8241 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-8242 5 Apple, Canonical, Hp and 2 more 14 Iphone Os, Mac Os X, Tvos and 11 more 2025-04-12 N/A
The xmlSAX2TextNode function in SAX2.c in the push interface in the HTML parser in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (stack-based buffer over-read and application crash) or obtain sensitive information via crafted XML data.
CVE-2015-8317 5 Canonical, Debian, Hp and 2 more 11 Ubuntu Linux, Debian Linux, Icewall Federation Agent and 8 more 2025-04-12 N/A
The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declaration in XML data, which triggers an out-of-bounds heap read.
CVE-2015-3743 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2015-8327 4 Canonical, Debian, Linuxfoundation and 1 more 10 Ubuntu Linux, Debian Linux, Cups-filters and 7 more 2025-04-12 N/A
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job.
CVE-2015-8364 2 Canonical, Ffmpeg 2 Ubuntu Linux, Ffmpeg 2025-04-12 N/A
Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-of-bounds heap-memory access) or possibly have unspecified other impact via crafted image dimensions in Indeo Video Interactive data.
CVE-2016-2774 4 Canonical, Debian, Isc and 1 more 4 Ubuntu Linux, Debian Linux, Dhcp and 1 more 2025-04-12 5.9 Medium
ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.
CVE-2015-8467 3 Canonical, Debian, Samba 3 Ubuntu Linux, Debian Linux, Samba 2025-04-12 7.5 High
The samldb_check_user_account_control_acl function in dsdb/samdb/ldb_modules/samldb.c in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not properly check for administrative privileges during creation of machine accounts, which allows remote authenticated users to bypass intended access restrictions by leveraging the existence of a domain with both a Samba DC and a Windows DC, a similar issue to CVE-2015-2535.
CVE-2015-3741 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2015-8557 2 Canonical, Pygments 2 Ubuntu Linux, Pygments 2025-04-12 N/A
The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name.
CVE-2015-3731 2 Apple, Canonical 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-08-13-1 and APPLE-SA-2015-08-13-3.
CVE-2016-2391 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2025-04-12 5.0 Medium
The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via vectors related to multiple eof_timers.