Search Results (15472 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0728 6 Canonical, Debian, Google and 3 more 9 Ubuntu Linux, Debian Linux, Android and 6 more 2025-04-12 7.8 High
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
CVE-2015-3843 1 Google 1 Android 2025-04-12 N/A
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171.
CVE-2015-3849 1 Google 1 Android 2025-04-12 N/A
The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255.
CVE-2015-3872 1 Google 1 Android 2025-04-12 N/A
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388.
CVE-2015-5605 3 Google, Opensuse, Redhat 3 Chrome, Opensuse, Rhel Extras 2025-04-12 N/A
The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash) via crafted JavaScript code, as demonstrated by an error in garbage collection during allocation of a stack-overflow exception message.
CVE-2015-3878 1 Google 1 Android 2025-04-12 N/A
Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192.
CVE-2015-3910 1 Google 2 Chrome, V8 2025-04-12 N/A
Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
CVE-2014-7899 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.
CVE-2014-7902 1 Google 1 Chrome 2025-04-12 N/A
Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
CVE-2014-7907 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.
CVE-2014-7911 1 Google 1 Android 2025-04-12 N/A
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
CVE-2014-7915 1 Google 1 Android 2025-04-12 N/A
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
CVE-2014-7923 6 Canonical, Google, Icu-project and 3 more 10 Ubuntu Linux, Chrome, International Components For Unicode and 7 more 2025-04-12 N/A
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
CVE-2014-7930 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper maintenance of TreeScope data.
CVE-2014-7936 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that triggers improper maintenance of a zoom bubble.
CVE-2014-7940 3 Google, Icu-project, Redhat 3 Chrome, International Components For Unicode, Rhel Extras 2025-04-12 N/A
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.
CVE-2014-7941 4 Chromium, Google, Opensuse and 1 more 8 Chromium, Chrome, Opensuse and 5 more 2025-04-12 N/A
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data.
CVE-2014-7946 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.
CVE-2015-8417 6 Adobe, Apple, Google and 3 more 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more 2025-04-12 N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.
CVE-2015-8419 6 Adobe, Apple, Google and 3 more 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more 2025-04-12 N/A
Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, and CVE-2015-8455.