| CVE-2012-1823 | Cri | 0.86 | 9.8 | 0.94 | KEV | May 11, 2012 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case. |
| CVE-2016-3074 | Cri | 0.72 | 9.8 | 0.60 | | Apr 26, 2016 | Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow. |
| CVE-2014-0160 | Hig | 0.71 | 7.5 | 0.94 | KEV | Apr 7, 2014 | The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug. |
| CVE-2010-1205 | Cri | 0.68 | 9.8 | 0.15 | | Jun 30, 2010 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. |
| CVE-2008-0599 | Cri | 0.67 | 9.8 | 0.39 | | May 5, 2008 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI. |
| CVE-2016-0729 | Cri | 0.66 | 9.8 | 0.23 | | Apr 7, 2016 | Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) util/XMLURL.cpp, and (3) util/XMLUri.cpp in the XML Parser library in Apache Xerces-C before 3.1.3 allow remote attackers to cause a denial of service (segmentation fault or memory corruption) or possibly execute arbitrary code via a crafted document. |
| CVE-2022-45063 | Cri | 0.65 | 9.8 | 0.18 | | Nov 10, 2022 | xterm before 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions. |
| CVE-2016-2173 | Cri | 0.65 | 9.8 | 0.21 | | Apr 21, 2017 | org.springframework.core.serializer.DefaultDeserializer in Spring AMQP before 1.5.5 allows remote attackers to execute arbitrary code. |
| CVE-2014-1486 | Cri | 0.65 | 9.8 | 0.11 | | Feb 6, 2014 | Use-after-free vulnerability in the imgRequestProxy function in Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allows remote attackers to execute arbitrary code via vectors involving unspecified Content-Type values for image data. |
| CVE-2013-6671 | Cri | 0.65 | 9.8 | 0.10 | | Dec 11, 2013 | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code via crafted use of JavaScript code for ordered list elements. |
| CVE-2013-5618 | Cri | 0.65 | 9.8 | 0.10 | | Dec 11, 2013 | Use-after-free vulnerability in the nsNodeUtils::LastRelease function in the table-editing user interface in the editor component in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code by triggering improper garbage collection. |
| CVE-2013-5613 | Cri | 0.65 | 9.8 | 0.11 | | Dec 11, 2013 | Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove function in Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before 24.2, and SeaMonkey before 2.23 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving synthetic mouse movement, related to the RestyleManager::GetHoverGeneration function. |
| CVE-2010-2941 | Cri | 0.65 | 9.8 | 0.21 | | Nov 5, 2010 | ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request. |
| CVE-2008-0062 | Cri | 0.65 | 9.8 | 0.16 | | Mar 19, 2008 | KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free. |
| CVE-2019-5482 | Cri | 0.64 | 9.8 | 0.10 | | Sep 16, 2019 | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. |
| CVE-2019-5481 | Cri | 0.64 | 9.8 | 0.04 | | Sep 16, 2019 | Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. |
| CVE-2017-12170 | Cri | 0.64 | 9.8 | 0.00 | | Sep 21, 2017 | Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was vulnerable to packaging error due to which the original configuration was ignored after update and service started running with default configuration. This has security implications because of overriding security-related configuration. This issue doesn't affect upstream version of pure-ftpd. |
| CVE-2016-9961 | Cri | 0.64 | 9.8 | 0.03 | | Jun 6, 2017 | game-music-emu before 0.6.1 mishandles unspecified integer values. |
| CVE-2017-5885 | Cri | 0.64 | 9.8 | 0.01 | | Feb 28, 2017 | Multiple integer overflows in the (1) vnc_connection_server_message and (2) vnc_color_map_set functions in gtk-vnc before 0.7.0 allow remote servers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving SetColorMapEntries, which triggers a buffer overflow. |
| CVE-2016-9400 | Cri | 0.64 | 9.8 | 0.03 | | Feb 22, 2017 | The CClient::ProcessServerPacket method in engine/client/client.cpp in Teeworlds before 0.6.4 allows remote servers to write to arbitrary physical memory locations and possibly execute arbitrary code via vectors involving snap handling. |
