| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. |
| Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app. |
| Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. |
| XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data. |
| Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945. |
| Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability." |
| Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. |
| Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. |
| The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. |
| IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 allows remote attackers to execute arbitrary code or cause a denial of service (integer truncation and application crash) via a crafted GIF image, aka SPR KLYH9T7NT9. |
| Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. |
| Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. |
| Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow. |
| Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. |
| Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost. |
| libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. |
| Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. |
| The dissect_frame function in epan/dissectors/packet-frame.c in the frame metadissector in Wireshark 1.10.x before 1.10.8 interprets a negative integer as a length value even though it was intended to represent an error condition, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| Integer signedness error in system/core/adb/adb_client.c in Android Debug Bridge (ADB) for Android 4.4 in the Android SDK Platform Tools 18.0.1 allows ADB servers to execute arbitrary code via a negative length value, which bypasses a signed comparison and triggers a stack-based buffer overflow. |
| The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before 2.1.4 does not properly calculate line sizes, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Microsoft RLE video data. |
