1454 matches found
CVE-2013-6629
The CVE-2013-6629 issue affects libjpeg 6b and libjpeg-turbo up to 1.3.0, used by Chrome prior to 31.0.1650.48, Ghostscript, and other products. The vulnerability arises in get_sos() in jdmarker.c, which does not properly validate certain duplications of component data after SOS JPEG markers, all...
CVE-2014-3470
CVE-2014-3470 is an OpenSSL vulnerability where the ssl3_send_client_key_exchange in s3_clnt.c can trigger a NULL certificate value when using anonymous ECDH cipher suites, leading to a denial-of-service via NULL pointer dereference and client crash. Affected OpenSSL versions are before 0.9.8za, ...
CVE-2014-1491
CVE-2014-1491 describes an issue in the Mozilla NSS library where public DH values were not properly restricted, enabling remote attackers to bypass cryptographic protections in ticket handling when NSS was used (e.g., in Firefox/Thunderbird/SeaMonkey). The vulnerability affects NSS
CVE-2011-3192
CVE-2011-3192 is a DoS flaw in the Apache HTTP Server related to how Range headers are processed. In affected releases of httpd (1.3.x, 2.0.x up to 2.0.64, and 2.2.x up to 2.2.19), a remote attacker can trigger excessive memory and CPU usage by sending a Range header with multiple overlapping ran...
CVE-2014-0160
CVE-2014-0160 (Heartbleed) is an information-disclosure vulnerability in OpenSSL’s TLS/DTLS heartbeat implementation. Affected: OpenSSL 1.0.1 before 1.0.1g. Root cause: improper handling of the Heartbeat extension (d1_both.c, t1_lib.c) leading to a buffer over-read, enabling an attacker to read m...
CVE-2014-6271
CVE-2014-6271 (Shellshock) affects GNU Bash up to 4.3, enabling remote code execution by processing trailing strings after function definitions in environment variables. Exploitation vectors include OpenSSH ForceCommand, mod_cgi/mod_cgid in Apache, DHCP client scripts, and other environment-passi...
CVE-2012-1823
CVE-2012-1823 affects PHP when run as CGI (php-cgi). The issue is that sapi/cgi/cgi_main.c mishandles query strings without an =, enabling remote code execution by passing command-line options in the query. Affected PHP versions include 5.3.x up to 5.3.12 and 5.4.x up to 5.4.2, with exploitation ...
CVE-2016-5387
CVE-2016-5387 affects Apache httpd prior to 2.4.25, where RFC 3875 compliance allows untrusted HTTP_PROXY data to influence outbound proxy selection via a crafted Proxy header (the httpoxy issue). Public docs indicate the issue arises from the HTTP_PROXY environment variable being exposed to appl...
CVE-2014-7169
CVE-2014-7169 affects GNU Bash up to 4.3, where parsing of function definitions in environment variables can be exploited to run commands or impact other attributes across privilege boundaries (notably via ForceCommand in OpenSSH sshd and via mod_cgi/mod_cgid in Apache, as well as DHCP client scr...
CVE-2012-0883
CVE-2012-0883 affects the Apache HTTP Server up to version 2.4.2, where the envvars (envvars-std) feature places a zero-length directory name in LD_LIBRARY_PATH. This enables local users to gain privileges by exploiting a Trojan horse DSO in the current working directory during execution of apach...
CVE-2010-4344
CVE-2010-4344: Exim before 4.70 has a heap-based buffer overflow in string_vformat() in string.c. A remote attacker can exploit this via an SMTP session (two MAIL commands with a large crafted header) to execute arbitrary code, potentially as the Exim user/root. The issue is fixed by upgrading t...
CVE-2013-1896
The CVE-2013-1896 issue affects the Apache HTTP Server: mod_dav.c fails to correctly determine if DAV is enabled for a URI, allowing a remote attacker to trigger a segfault via a MERGE request when the URI is handled by mod_dav_svn and the href in the XML data points to a non-DAV URI. This can le...
CVE-2012-0053
CVE-2012-0053 affects Apache HTTP Server 2.2.x up to 2.2.21. The flaw in protocol.c during 400 error page construction can reveal HTTPOnly cookie values via long/malformed headers with crafted scripts. Remediation per advisories: upgrade to 2.2.22 or later (e.g., httpd 2.2.22).
CVE-2013-1690
CVE-2013-1690 affects Mozilla Firefox prior to 22.0, Firefox ESR 17.x prior to 17.0.7, Thunderbird prior to 17.0.7, and Thunderbird ESR 17.x prior to 17.0.7. Root cause is improper handling of onreadystatechange events with page reload, enabling a crafted web page to cause a denial-of-service (cr...
CVE-2013-1862
CVE-2013-1862 affects Apache HTTP Server 2.2.x up to 2.2.24, where mod_rewrite writes log data without sanitizing non‑printable characters. This can allow a remote attacker to execute arbitrary commands by sending an HTTP request containing an escape sequence for a terminal emulator, with some so...
CVE-2015-2590
CVE-2015-2590 is an unspecified vulnerability affecting Oracle Java SE (6u95, 7u80, 8u45) and Java SE Embedded (7u75, 8u33) with impact to confidentiality, integrity, and availability via unknown vectors in the Libraries component. Public details in the initial description are limited; connected ...
CVE-2013-0422
CVE-2013-0422 affects Oracle Java 7 before Update 11, combining two issues: (1) JMX/MBean path via getMBeanInstantiator and findClass enabling private MBeanInstantiator reference retrieval, and (2) recursive use of Reflection API bypassing java.lang.invoke.MethodHandles.Lookup.checkSecurityManage...
CVE-2013-2423
CVE-2013-2423 is an unspecified remote vulnerability in the Java Runtime Environment (JRE) component affecting Oracle Java SE 7 (Update 17 and earlier) and OpenJDK 7. The root cause, as per connected advisories, involves hotspot-related code and unknown vectors allowing reflection/type-confusion ...
CVE-2014-3153
The CVE-2014-3153 issue affects the Linux kernel futex_requeue path (kernel/futex.c) through version 3.14.5. A local unprivileged user can exploit FUTEX_REQUEUE with two identical futex addresses to gain privileges or modify waiter state, causing potential privilege escalation and memory impact. ...
CVE-2013-0640
CVE-2013-0640 is a memory corruption remote code execution vulnerability in Adobe Reader and Acrobat. It affects Adobe Reader/Acrobat 9.x prior to 9.5.4, 10.x prior to 10.1.6, and 11.x prior to 11.0.02, exploitable via a crafted PDF and observed in the wild in February 2013. The impact includes r...
CVE-2016-9843
CVE-2016-9843 concerns zlib 1.2.8 and its crc32_big implementation (big-endian CRC calculation). Connected docs show affected packages: FLTK builds for zlib before 1.3.8-1 in CBLMariner, and Cloud Foundry/ALAS advisories link multiple zlib-related CVEs with remediation guidance. The FLTK note sta...
CVE-2012-2034
CVE-2012-2034 concerns memory corruption in Adobe Flash Player (and Adobe AIR) that enables remote code execution or DoS via unspecified vectors. Affected platforms include Windows/macOS prior to 10.3.183.20 and 11.x before 11.3.300.257 (Windows/macOS), Linux prior to 11.2.202.236, Android 2.x/3....
CVE-2011-0609
The CVE-2011-0609 issue is an Adobe Flash Player AVM Bytecode Verification vulnerability that allows remote code execution via crafted SWF content. Affected products include Flash Player 10.2.x and earlier (Windows, macOS, Linux, Solaris), Flash Player 10.1.106.16 and earlier on Android, Adobe AI...
CVE-2016-3715
Summary: CVE-2016-3715 affects ImageMagick where the EPHEMERAL coder allows a remote attacker to delete arbitrary files via a crafted image. Affected versions are ImageMagick prior to 6.9.3-10 and 7.x prior to 7.0.1-1. Impact (per sources): Remote deletion of files via crafted images using the EP...
CVE-2016-3718
ImageMagick is affected by CVE-2016-3718: the HTTP and FTP coders can be abused to perform server-side request forgery via a crafted image. Affected lines: ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1. The vulnerability allows an attacker to induce the server to make HTTP/FTP requests when ...
CVE-2016-0752
CVE-2016-0752 is a directory-traversal flaw in Rails’ Action View triggered when untrusted input is passed to render, allowing remote read of arbitrary files via a path containing .. and linked to incomplete fixes that affected Rails 3.2.x/4.x. The vulnerability stems from Action View’s rendering...
CVE-2013-1675
CVE-2013-1675 affects Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, and Thunderbird before 17.0.6. The issue arises from improper initialization of nsDOMSVGZoomEvent data structures (mPreviousScale and mNewScale), enabling a remote attacker to disclose memory-resident data via a cr...
CVE-2010-4345
CVE-2010-4345 is a local privilege escalation in Exim up to version 4.72, where the exim user could gain root privileges by specifying an alternate configuration file with -C or via macro overrides (-D). Upstream fixes require changes to Exim behavior; newer builds drop root privileges when run w...
CVE-2015-3043
CVE-2015-3043 refers to a memory corruption vulnerability in Adobe Flash Player that allows remote code execution. Affected versions include Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows/macOS, and before 11.2.202.457 on Linux. The underlying root cause is desc...
CVE-2016-4117
CVE-2016-4117 affects Adobe Flash Player (earlier than 21.0.0.196) via an out-of-bounds access in the DeleteRangeTimelineOperation module of the SWF runtime, caused by a type-confusion vulnerability. This allows memory corruption and arbitrary code execution, as demonstrated by FireEye researcher...
CVE-2010-1297
CVE-2010-1297 affects Adobe Flash Player (versions prior to 9.0.277.0 and 10.x prior to 10.1.53.64), Adobe AIR (prior to 2.0.2.12610), and Adobe Reader/Acrobat (8.x up to 8.2.3; 9.x prior to 9.3.3) on Windows and macOS. The root cause is memory corruption/remote code execution via crafted SWF con...
CVE-2015-0313
Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....
CVE-2010-0840
CVE-2010-0840 is an unspecified vulnerability in the Java Runtime Environment within Oracle Java SE/Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 that can affect confidentiality, integrity, and availability via unknown vectors. The March 2010 CPU note references a possible issue with privileg...
CVE-2011-0611
CVE-2011-0611 affects Adobe Flash Player before 10.2.154.27 (Windows/macOS/Linux/Solaris) and 10.2.156.12 and earlier on Android, plus Authplay.dll in Reader/Acrobat components. The vulnerability allows remote attackers to execute arbitrary code or cause a denial of service via crafted Flash cont...
CVE-2016-1646
Summary: CVE-2016-1646 affects Google Chrome’s V8 engine. The Array.prototype.concat implementation in V8/builtins.cc does not properly consider element data types, enabling a remote attacker to cause a denial of service (out-of-bounds read) via crafted JavaScript code. Affected software/versions...
CVE-2015-8651
CVE-2015-8651 is an Adobe Flash Player vulnerability described as an integer overflow that enables remote code execution. The initial entry lists affected Flash Player versions on Windows, OS X, and Linux, and notes exploitation to run arbitrary code via unspecified vectors. Connected sources con...
CVE-2014-3566
CVE-2014-3566 (POODLE) affects SSLv3 in AIX and related IBM components. IBM’s advisory (nettcp) states SSLv3 padding oracle vulnerability could allow MITM decryption of SSL sessions. Affected: AIX 6.1/7.1 and VIOS 2.2.x with vulnerable bos.net.tcp.client/server file sets (various lower/upper leve...
CVE-2012-1535
Adobe Flash Player suffers an arbitrary code execution/DoS vulnerability (CVE-2012-1535) via crafted SWF content. Expected impact is remote code execution or application crash; evidence cites in-the-wild activity in August 2012. Affected versions are Windows/Mac OS X: prior to 11.3.300.271; Linux...
CVE-2015-7645
CVE-2015-7645 is an Adobe Flash Player remote code execution vulnerability exploitable via a crafted SWF file. The initial document states Flash Player 18.x–18.0.0.252 and 19.x–19.0.0.207 on Windows and macOS, and 11.x–11.2.202.535 on Linux, with exploitation observed in the wild in October 2015....
CVE-2009-4324
Adobe Reader/Acrobat (Windows/macOS) is affected by CVE-2009-4324 due to a use-after-free in Doc.media.newPlayer inside Multimedia.api. A crafted PDF with ZLib streams can trigger remote code execution. The vulnerability is reported as exploited in the wild in December 2009. Affected versions inc...
CVE-2009-3953
CVE-2009-3953 affects Adobe Reader/Acrobat U3D handling in PDFs. The vulnerability arises from a CLODProgressiveMeshDeclaration array boundary issue in the U3D implementation, allowing remote code execution when processing malformed U3D data. Affected product versions include Acrobat/Reader 9.x p...
CVE-2013-0641
CVE-2013-0641 is a buffer overflow in Adobe Reader and Acrobat versions prior to certain patches that allows a remote attacker to execute arbitrary code via a crafted PDF. The description specifies impact as remote code execution, with exploitation observed in the wild in February 2013. Affected ...
CVE-2015-5119
The CVE-2015-5119 entry documents a use-after-free in Adobe Flash Player’s AS3 ByteArray class. The vulnerability arises when a crafted valueOf override in an object causes the ByteArray storage to be reallocated during a write ba[0] = obj, leading to memory corruption and potential remote code e...
CVE-2015-4902
CVE-2015-4902 is an unspecified vulnerability in Oracle Java SE affecting Java 6u101, 7u85, and 8u60, with impact limited to integrity via unknown vectors related to Deployment. The connected documents confirm the affected products and the vulnerability class, but do not provide concrete exploit ...
CVE-2015-4495
CVE-2015-4495 affects Mozilla Firefox's built-in PDF viewer. The vulnerability allows remote attackers to bypass the Same Origin Policy and read arbitrary files or gain privileges via crafted JavaScript and a native setter, in Firefox versions before 39.0.3, Firefox ESR 38.x before 38.1.1, and Fi...
CVE-2015-3113
CVE-2015-3113 is a heap-based buffer overflow in Adobe Flash Player affecting Windows/macOS Flash parsing of FLV data, exploited in the wild in June 2015. Affected versions: Flash Player before 13.0.0.296, and 14.x up to 18.x before 18.0.0.194 on Windows/macOS; before 11.2.202.468 on Linux. The f...
CVE-2015-1419
The CVE-2015-1419 vulnerability affects vsftpd 3.0.2 and earlier, enabling remote bypass of access restrictions via the deny_file parsing logic. The root cause is improper handling of the deny_file option, which could allow unauthorized access under certain conditions. Public references in the co...
CVE-2014-2323
Lighttpd vulnerability CVE-2014-2323: SQL injection in mod_mysql_vhost.c allows remote execution of arbitrary SQL commands via the host name (related to request_check_hostname). Affected software: lighttpd prior to 1.4.35. Impact risk is described in public advisories as enabling arbitrary SQL execution. Remediati...
CVE-2013-4559
lighttpd prior to 1.4.33 is vulnerable because it does not check the return values of setuid, setgid, or setgroups, which can cause the server to continue running as root on restart and allow privilege escalation (illustrated by repeated clone calls where setuid fails). The issue is tracked acros...
CVE-2015-2808
CVE-2015-2808 concerns RC4 usage in TLS/SSL within OpenJDK components. The Invariance Weakness (Bar Mitzvah) means RC4 key material can leak partial plaintext from the first bytes of a TLS/SSL stream, enabling plaintext-recovery under certain traffic patterns. Public advisories for OpenJD...