Total
29582 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1649 | 1 Microsoft | 6 Office, Office Compatibility Pack, Office Web Apps and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." | ||||
| CVE-2014-0573 | 5 Adobe, Apple, Linux and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0588 and CVE-2014-8438. | ||||
| CVE-2015-7081 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-9752 | 1 Atutor | 1 Atutor | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in mods/_core/properties/lib/course.inc.php in ATutor before 2.2 patch 6 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension as a customicon for a new course, then accessing it via a direct request to the file in content/. | ||||
| CVE-2014-9376 | 1 Ettercap-project | 1 Ettercap | 2025-04-12 | N/A |
| Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c. | ||||
| CVE-2014-0186 | 1 Redhat | 1 Enterprise Linux | 2025-04-12 | N/A |
| A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise Linux (RHEL) 7 allows remote attackers to cause a denial of service (CPU consumption) via a crafted request. NOTE: this vulnerability exists because of an unspecified regression. | ||||
| CVE-2014-9421 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-12 | N/A |
| The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in MIT Kerberos 5 (aka krb5) through 1.11.5, 1.12.x through 1.12.2, and 1.13.x before 1.13.1 does not properly handle partial XDR deserialization, which allows remote authenticated users to cause a denial of service (use-after-free and double free, and daemon crash) or possibly execute arbitrary code via malformed XDR data, as demonstrated by data sent to kadmind. | ||||
| CVE-2015-1578 | 1 Yuba | 1 U5cms | 2025-04-12 | N/A |
| Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admin/pidvesa.php or (2) uri parameter to u5admin/meta2.php. | ||||
| CVE-2015-1484 | 1 Symantec | 1 Workspace Streaming | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | ||||
| CVE-2014-9209 | 1 Rockwellautomation | 2 Factorytalk Services Platform, Factorytalk View Studio | 2025-04-12 | N/A |
| Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2013-7180 | 1 Cobham | 9 Aviator 200, Aviator 300, Aviator 350 and 6 more | 2025-04-12 | N/A |
| Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtain administrative privileges by leveraging physical access or terminal access to spoof a reset code. | ||||
| CVE-2013-7455 | 1 Littlecms | 1 Little Cms Color Engine | 2025-04-12 | N/A |
| Double free vulnerability in the DefaultICCintents function in cmscnvrt.c in liblcms2 in Little CMS 2.x before 2.6 allows remote attackers to execute arbitrary code via a malformed ICC profile that triggers an error in the default intent handler. | ||||
| CVE-2014-9302 | 1 Alfresco | 1 Community Edition | 2025-04-12 | N/A |
| Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter. | ||||
| CVE-2015-1414 | 3 Debian, Freebsd, Netgate | 3 Debian Linux, Freebsd, Pfsense | 2025-04-12 | N/A |
| Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | ||||
| CVE-2015-1421 | 4 Canonical, Debian, Linux and 1 more | 9 Ubuntu Linux, Debian Linux, Linux Kernel and 6 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data. | ||||
| CVE-2013-3064 | 1 Linksys | 2 Ea6500, Ea6500 Firmware | 2025-04-12 | N/A |
| Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. | ||||
| CVE-2015-6777 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOMCharacterDataModified events for certain detached-subtree insertions. | ||||
| CVE-2014-8397 | 1 Corel | 2 Fastflick, Videostudio Pro | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. | ||||
| CVE-2016-3227 | 1 Microsoft | 1 Windows Server 2012 | 2025-04-12 | N/A |
| Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability." | ||||
| CVE-2015-6251 | 2 Debian, Gnu | 2 Debian Linux, Gnutls | 2025-04-12 | N/A |
| Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | ||||