CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Novell : Security Vulnerabilities (Memory Corruption)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2016-4997 264 DoS +Priv Mem. Corr. 2016-07-03 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.
2 CVE-2016-4805 416 DoS Mem. Corr. 2016-05-23 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or possibly have unspecified other impact by removing a network namespace, related to the ppp_register_net_channel and ppp_unregister_channel functions.
3 CVE-2016-4342 119 DoS Overflow Mem. Corr. 2016-05-21 2016-11-30
8.3
None Remote Medium Not required Partial Partial Complete
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR archive.
4 CVE-2016-3134 119 DoS Overflow +Priv Mem. Corr. 2016-04-27 2016-12-02
7.2
None Local Low Not required Complete Complete Complete
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
5 CVE-2016-3062 119 DoS Exec Code Overflow Mem. Corr. 2016-06-16 2016-08-17
6.8
None Remote Medium Not required Partial Partial Partial
The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file.
6 CVE-2016-2851 119 DoS Exec Code Overflow Mem. Corr. 2016-04-07 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a series of large OTR messages, which triggers a heap-based buffer overflow.
7 CVE-2016-2834 DoS Mem. Corr. 2016-06-13 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
8 CVE-2016-2821 DoS Exec Code Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor.
9 CVE-2016-2818 119 DoS Exec Code Overflow Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
10 CVE-2016-2815 119 DoS Exec Code Overflow Mem. Corr. 2016-06-13 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11 CVE-2016-2807 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
12 CVE-2016-2806 119 DoS Exec Code Overflow Mem. Corr. 2016-04-30 2016-11-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
13 CVE-2016-2105 189 DoS Overflow Mem. Corr. 2016-05-04 2016-11-30
5.0
None Remote Low Not required None None Partial
Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h allows remote attackers to cause a denial of service (heap memory corruption) via a large amount of binary data.
14 CVE-2016-1977 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The Machine::Code::decoder::analysis::set_ref function in Graphite 2 before 1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a crafted Graphite smart font.
15 CVE-2016-1966 DoS Exec Code Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
The nsNPObjWrapper::GetNewOrUsed function in dom/plugins/base/nsJSNPRuntime.cpp in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer dereference and memory corruption) via a crafted NPAPI plugin.
16 CVE-2016-1964 DoS Exec Code Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the AtomicBaseIncDec function in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging mishandling of XML transformations.
17 CVE-2016-1956 399 DoS Mem. Corr. 2016-03-13 2016-12-02
7.1
None Remote Medium Not required None None Complete
Mozilla Firefox before 45.0 on Linux, when an Intel video driver is used, allows remote attackers to cause a denial of service (memory consumption or stack memory corruption) by triggering use of a WebGL shader.
18 CVE-2016-1953 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
19 CVE-2016-1952 119 DoS Exec Code Overflow Mem. Corr. 2016-03-13 2016-12-02
6.8
None Remote Medium Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
20 CVE-2016-1944 119 DoS Overflow Mem. Corr. 2016-01-31 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
The Buffer11::NativeBuffer11::map function in ANGLE, as used in Mozilla Firefox before 44.0, might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
21 CVE-2016-1931 119 DoS Exec Code Overflow Mem. Corr. 2016-01-31 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to uninitialized memory encountered during brotli data compression, and other vectors.
22 CVE-2016-1930 119 DoS Exec Code Overflow Mem. Corr. 2016-01-31 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
23 CVE-2016-1680 119 DoS Overflow Mem. Corr. 2016-06-05 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via unknown vectors.
24 CVE-2016-1661 20 DoS Mem. Corr. 2016-05-14 2016-11-30
8.3
None Remote Medium Not required Partial Partial Complete
Blink, as used in Google Chrome before 50.0.2661.94, does not ensure that frames satisfy a check for the same renderer process in addition to a Same Origin Policy check, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted web site, related to BindingSecurity.cpp and DOMWindow.cpp.
25 CVE-2015-7202 119 DoS Exec Code Overflow Mem. Corr. 2015-12-16 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
26 CVE-2015-7201 119 DoS Exec Code Overflow Mem. Corr. 2015-12-16 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
27 CVE-2015-5309 189 DoS Exec Code Overflow Mem. Corr. 2015-12-07 2016-12-07
4.3
None Remote Medium Not required None None Partial
Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow.
28 CVE-2015-4489 119 DoS Overflow Mem. Corr. 2015-08-15 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.
29 CVE-2015-4487 119 DoS Overflow Mem. Corr. 2015-08-15 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."
30 CVE-2015-4474 DoS Exec Code Mem. Corr. 2015-08-15 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
31 CVE-2015-4473 119 DoS Exec Code Overflow Mem. Corr. 2015-08-15 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
32 CVE-2015-3256 264 DoS +Priv Mem. Corr. 2015-10-26 2016-12-07
4.6
None Local Low Not required Partial Partial Partial
PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "javascript rule evaluation."
33 CVE-2015-3043 DoS Exec Code Mem. Corr. 2015-04-14 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042.
34 CVE-2015-2728 DoS Exec Code Mem. Corr. 2015-07-05 2016-12-07
7.5
None Remote Low Not required Partial Partial Partial
The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.
35 CVE-2015-2726 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
36 CVE-2015-2725 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
37 CVE-2015-2724 119 DoS Exec Code Overflow Mem. Corr. 2015-07-05 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
38 CVE-2015-2715 362 DoS Exec Code Mem. Corr. 2015-05-14 2016-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown.
39 CVE-2015-2713 DoS Exec Code Mem. Corr. 2015-05-14 2016-11-30
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
40 CVE-2015-2709 DoS Exec Code Mem. Corr. 2015-05-14 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
41 CVE-2015-2708 DoS Exec Code Mem. Corr. 2015-05-14 2016-11-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
42 CVE-2015-2187 20 DoS Mem. Corr. 2015-03-07 2016-11-28
5.0
None Remote Low Not required None None Partial
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
43 CVE-2015-1280 119 DoS Overflow Mem. Corr. 2015-07-22 2016-12-02
7.5
None Remote Low Not required Partial Partial Partial
SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging access to a renderer process and providing crafted serialized data.
44 CVE-2015-0828 DoS Exec Code Mem. Corr. 2015-02-25 2016-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.
45 CVE-2015-0808 17 DoS Mem. Corr. 2015-04-01 2016-12-06
5.0
None Remote Low Not required None None Partial
The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which might allow remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
46 CVE-2015-0806 17 DoS Exec Code Mem. Corr. 2015-04-01 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors that trigger rendering of 2D graphics content.
47 CVE-2015-0805 17 DoS Exec Code Mem. Corr. 2015-04-01 2016-12-06
7.5
None Remote Low Not required Partial Partial Partial
The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurface function, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors that trigger rendering of 2D graphics content.
48 CVE-2014-9669 125 DoS Overflow Mem. Corr. 2015-02-08 2016-11-22
6.8
None Remote Medium Not required Partial Partial Partial
Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.
49 CVE-2014-7926 17 DoS Mem. Corr. 2015-01-22 2016-10-24
7.5
None Remote Low Not required Partial Partial Partial
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923.
50 CVE-2014-7923 17 DoS Mem. Corr. 2015-01-22 2016-10-24
7.5
None Remote Low Not required Partial Partial Partial
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926.
Total number of vulnerabilities : 67   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.