Max CVSS 10.0 Min CVSS 2.1 Total Count115
IDCVSSSummaryLast (major) updatePublished
CVE-2015-0233 4.6
Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38.
28-08-2017 - 15:29 28-08-2017 - 15:29
CVE-2014-8354 4.3
The HorizontalFilter function in resize.c in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file.
09-05-2017 - 08:40 11-04-2017 - 15:59
CVE-2014-9654 7.5
The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which
05-05-2017 - 13:59 24-04-2017 - 02:59
CVE-2014-9680 2.1
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demo
04-05-2017 - 17:09 24-04-2017 - 02:59
CVE-2014-7926 7.5
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspe
23-04-2017 - 21:59 22-01-2015 - 17:59
CVE-2014-7923 7.5
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspe
23-04-2017 - 21:59 22-01-2015 - 17:59
CVE-2014-8355 4.3
PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds read).
17-04-2017 - 14:18 11-04-2017 - 15:59
CVE-2014-3566 4.3
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.
23-03-2017 - 21:59 14-10-2014 - 20:55
CVE-2014-8709 5.0
The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information by reading packets.
07-03-2017 - 21:59 10-11-2014 - 06:55
CVE-2014-7826 4.6
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereferenc
06-01-2017 - 22:00 10-11-2014 - 06:55
CVE-2014-7825 4.9
kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR
06-01-2017 - 22:00 10-11-2014 - 06:55
CVE-2014-3601 4.3
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruptio
06-01-2017 - 22:00 31-08-2014 - 21:55
CVE-2013-5704 5.0
The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a s
06-01-2017 - 21:59 15-04-2014 - 06:55
CVE-2015-2577 7.2
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands.
03-01-2017 - 13:21 16-04-2015 - 13:00
CVE-2015-2151 7.2
The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly
02-01-2017 - 21:59 12-03-2015 - 10:59
CVE-2015-1782 6.8
The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.
02-01-2017 - 21:59 13-03-2015 - 10:59
CVE-2015-1593 5.0
The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predictin
02-01-2017 - 21:59 16-03-2015 - 06:59
CVE-2015-1421 10.0
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by tri
02-01-2017 - 21:59 16-03-2015 - 06:59
CVE-2015-0410 5.0
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown ve
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2015-0400 5.0
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
02-01-2017 - 21:59 21-01-2015 - 13:59
CVE-2015-0332 10.0
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a d
02-01-2017 - 21:59 13-03-2015 - 13:59
CVE-2015-0235 10.0
Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 fu
02-01-2017 - 21:59 28-01-2015 - 14:59
CVE-2015-0204 4.3
The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate brute-force decryption by offering a weak
02-01-2017 - 21:59 08-01-2015 - 21:59
CVE-2014-9675 5.0
bdf/bdflib.c in FreeType before 2.5.4 identifies property names by only verifying that an initial substring is present, which allows remote attackers to discover heap pointer values and bypass the ASLR protection mechanism via a crafted BDF font.
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9673 6.8
Integer signedness error in the Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac fo
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9672 5.8
Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac f
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9671 4.3
Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value th
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9670 4.3
Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF f
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9669 6.8
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9667 6.8
sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length calculations without restricting the values, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other im
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9666 6.8
The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9664 6.8
FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9663 7.5
The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9661 7.5
type42/t42parse.c in FreeType before 2.5.4 does not consider that scanning can be incomplete without triggering an error, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a craf
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9660 7.5
The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9658 7.5
The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a craft
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9657 7.5
The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a cr
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-9656 7.5
The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType before 2.5.4 does not properly check for an integer overflow, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impa
02-01-2017 - 21:59 08-02-2015 - 06:59
CVE-2014-8173 7.2
The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a transparent huge-table entry, which allows
02-01-2017 - 21:59 16-03-2015 - 06:59
CVE-2014-8160 5.0
net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass in
02-01-2017 - 21:59 02-03-2015 - 06:59
CVE-2014-7940 7.5
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to
02-01-2017 - 21:59 22-01-2015 - 17:59
CVE-2014-7933 7.5
Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other
02-01-2017 - 21:59 22-01-2015 - 17:59
CVE-2014-6593 4.0
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
02-01-2017 - 21:59 21-01-2015 - 10:28
CVE-2014-6558 2.6
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
02-01-2017 - 21:59 15-10-2014 - 18:55
CVE-2014-6512 4.3
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
02-01-2017 - 21:59 15-10-2014 - 18:55
CVE-2014-6457 4.0
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
02-01-2017 - 21:59 15-10-2014 - 11:55
CVE-2015-0336 9.3
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than
30-12-2016 - 21:59 13-03-2015 - 13:59
CVE-2015-0273 7.5
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier
30-12-2016 - 21:59 30-03-2015 - 06:59
CVE-2015-2265 7.5
The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (2) PDL. NOTE: this vulnerability exists because of
27-12-2016 - 21:59 24-03-2015 - 13:59
CVE-2015-2206 5.0
libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a CSRF token and may be sent with HTTP compression,
27-12-2016 - 21:59 09-03-2015 - 13:59
CVE-2015-1349 5.4
named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon cra
27-12-2016 - 21:59 18-02-2015 - 22:01
CVE-2015-1231 7.5
Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1230 7.5
The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly h
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1229 5.0
net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allows remote proxy servers to conduct cookie-injection
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1228 7.5
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows r
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1227 7.5
The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an unspecified impact by triggering a failed image de
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1226 5.0
The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass inten
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1225 5.0
PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1224 5.0
The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are identical to image dimensions, which allows remote att
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1223 7.5
Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1222 7.5
Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1221 7.5
Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1220 6.8
Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have uns
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1219 7.5
Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vect
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1218 7.5
Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1217 7.5
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1216 7.5
Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of ser
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1215 7.5
The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an out-of-bounds write operation.
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1214 7.5
Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2015-1213 7.5
The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors
21-12-2016 - 21:59 08-03-2015 - 20:59
CVE-2014-6591 2.6
Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.
21-12-2016 - 21:59 21-01-2015 - 10:28
CVE-2014-6585 2.6
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.
21-12-2016 - 21:59 21-01-2015 - 10:28
CVE-2015-0275 4.9
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
07-12-2016 - 22:06 19-10-2015 - 06:59
CVE-2014-3583 5.0
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
07-12-2016 - 22:05 15-12-2014 - 13:59
CVE-2015-2157 2.1
The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information by reading the memory.
02-12-2016 - 22:04 27-03-2015 - 10:59
CVE-2014-9604 7.5
libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video d
02-12-2016 - 22:02 16-01-2015 - 15:59
CVE-2014-8548 7.5
Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data.
02-12-2016 - 22:01 05-11-2014 - 06:55
CVE-2014-8547 7.5
libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data.
02-12-2016 - 22:01 05-11-2014 - 06:55
CVE-2014-8544 7.5
libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data.
02-12-2016 - 22:01 05-11-2014 - 06:55
CVE-2014-8543 7.5
libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact
02-12-2016 - 22:01 05-11-2014 - 06:55
CVE-2015-2192 5.0
Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length
28-11-2016 - 14:19 07-03-2015 - 21:59
CVE-2015-2191 5.0
Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted length
28-11-2016 - 14:19 07-03-2015 - 21:59
CVE-2015-2190 5.0
epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is
28-11-2016 - 14:19 07-03-2015 - 21:59
CVE-2015-2189 5.0