Export limit exceeded: 29828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8069 | 6 Adobe, Apple, Google and 3 more | 10 Air, Air Sdk, Air Sdk \& Compiler and 7 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454. | ||||
| CVE-2015-8113 | 1 Symantec | 1 Endpoint Protection | 2025-04-12 | N/A |
| Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. | ||||
| CVE-2015-8765 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
| Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | ||||
| CVE-2015-8816 | 3 Linux, Novell, Suse | 11 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 8 more | 2025-04-12 | 6.8 Medium |
| The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. | ||||
| CVE-2015-8833 | 1 Cypherpunks | 1 Pidgin-otr | 2025-04-12 | N/A |
| Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbitrary code via vectors related to the "Authenticate buddy" menu item. | ||||
| CVE-2016-0041 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2025-04-12 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability." | ||||
| CVE-2016-3039 | 1 Ibm | 1 Traveler | 2025-04-12 | N/A |
| IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2016-1662 | 3 Google, Opensuse, Redhat | 7 Chrome, Opensuse, Enterprise Linux Desktop Supplementary and 4 more | 2025-04-12 | N/A |
| extensions/renderer/gc_callback.cc in Google Chrome before 50.0.2661.94 does not prevent fallback execution once the Garbage Collection callback has started, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via unknown vectors. | ||||
| CVE-2012-5057 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-04-12 | N/A |
| CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | ||||
| CVE-2014-5139 | 1 Openssl | 1 Openssl | 2025-04-12 | N/A |
| The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a ServerHello message that includes an SRP ciphersuite without the required negotiation of that ciphersuite with the client. | ||||
| CVE-2016-2340 | 1 Graniteds | 1 Granite Data Services | 2025-04-12 | N/A |
| The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows remote authenticated users to read arbitrary files, send TCP requests to intranet servers, or cause a denial of service via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2013-0250 | 1 Corosync | 1 Corosync | 2025-04-12 | N/A |
| The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. | ||||
| CVE-2014-8142 | 2 Php, Redhat | 3 Php, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys within the serialized properties of an object, a different vulnerability than CVE-2004-1019. | ||||
| CVE-2013-2225 | 1 Glpi-project | 1 Glpi | 2025-04-12 | N/A |
| inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php. | ||||
| CVE-2016-4059 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | N/A |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. | ||||
| CVE-2015-2994 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. | ||||
| CVE-2016-4063 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2025-04-12 | N/A |
| Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. | ||||
| CVE-2013-6308 | 1 Ibm | 1 Marketing Platform | 2025-04-12 | N/A |
| IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection. | ||||
| CVE-2013-7323 | 1 Vinay Sajip | 1 Python-gnupg | 2025-04-12 | N/A |
| python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2013-7336 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Libvirt and 1 more | 2025-04-12 | N/A |
| The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function. | ||||