Total
4525 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2011-4189 | 1 Novell | 1 Groupwise | 2025-04-11 | 7.5 HIGH | N/A |
| The client in Novell GroupWise 8.0x through 8.02HP3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) via a long e-mail address in an Address Book (aka .NAB) file. | |||||
| CVE-2013-5942 | 1 Graphite Project | 1 Graphite | 2025-04-11 | 6.8 MEDIUM | N/A |
| Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) storage.py, (3) render/datalib.py, and (4) whitelist/views.py, a different vulnerability than CVE-2013-5093. | |||||
| CVE-2012-2290 | 1 Emc | 1 Networker Module For Microsoft Applications | 2025-04-11 | 9.3 HIGH | N/A |
| The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel. | |||||
| CVE-2012-3980 | 1 Mozilla | 3 Firefox, Thunderbird, Thunderbird Esr | 2025-04-11 | 9.3 HIGH | N/A |
| The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, and Thunderbird ESR 10.x before 10.0.7 allows user-assisted remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site that injects this code and triggers an eval operation. | |||||
| CVE-2011-4047 | 1 Dell | 1 Kace K2000 Systems Deployment Appliance | 2025-04-11 | 9.3 HIGH | N/A |
| The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. | |||||
| CVE-2011-1969 | 1 Microsoft | 1 Forefront Unified Access Gateway | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability." | |||||
| CVE-2009-4789 | 2 Joomla, Mojoblog | 2 Joomla, Mojoblog | 2025-04-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in the MojoBlog component RC 0.15 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) wp-comments-post.php and (2) wp-trackback.php. | |||||
| CVE-2013-2802 | 1 Sixnet | 2 Rtu Firmware, Udr | 2025-04-11 | 10.0 HIGH | N/A |
| The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata via function opcodes. | |||||
| CVE-2010-2217 | 3 Adobe, Linux, Microsoft | 4 Flash Media Server, Flash Media Server 2, Linux Kernel and 1 more | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, allows attackers to execute arbitrary code via unspecified vectors, related to a "JS method vulnerability." | |||||
| CVE-2011-1388 | 2 .bbsoftware, Ibm | 2 Bb Flashback, Rational Rhapsody | 2025-04-11 | 9.3 HIGH | N/A |
| The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2012-2174 | 1 Ibm | 1 Lotus Notes | 2025-04-11 | 9.3 HIGH | N/A |
| The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote attackers to execute arbitrary code via a crafted notes:// URL. | |||||
| CVE-2010-3331 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory in certain circumstances involving use of Microsoft Word to read Word documents, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2012-1933 | 1 Sourcefabric | 1 Newscoop | 2025-04-11 | 6.8 MEDIUM | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x before 3.5.5 and 4 before RC4, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[g_campsiteDir] parameter to (1) include/phorum_load.php, (2) conf/install_conf.php, or (3) conf/liveuser_configuration.php. | |||||
| CVE-2010-1879 | 1 Microsoft | 3 Directx, Windows Media Encoder, Windows Media Format Runtime | 2025-04-11 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media Format Runtime 9, 9.5, and 11; Media Encoder 9; and the Asycfilt.dll COM component allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "Media Decompression Vulnerability." | |||||
| CVE-2013-3079 | 1 Vmware | 1 Vcenter Server Appliance | 2025-04-11 | 9.0 HIGH | N/A |
| VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows remote authenticated users to execute arbitrary programs with root privileges by leveraging Virtual Appliance Management Interface (VAMI) access. | |||||
| CVE-2013-2115 | 1 Apache | 1 Struts | 2025-04-11 | 9.3 HIGH | 8.1 HIGH |
| Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. | |||||
| CVE-2010-3635 | 1 Adobe | 1 Flash Media Server | 2025-04-11 | 10.0 HIGH | N/A |
| Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, and 4.0.x before 4.0.1 allows attackers to execute arbitrary code via unspecified vectors, related to a "segmentation fault vulnerability." | |||||
| CVE-2009-4273 | 1 Systemtap | 1 Systemtap | 2025-04-11 | 10.0 HIGH | N/A |
| stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command-line arguments in a request. | |||||
| CVE-2012-0168 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | 7.6 HIGH | N/A |
| Microsoft Internet Explorer 6 through 9 allows user-assisted remote attackers to execute arbitrary code via a crafted HTML document that is not properly handled during a "Print table of links" print operation, aka "Print Feature Remote Code Execution Vulnerability." | |||||
| CVE-2011-4786 | 1 Hp | 1 Easy Printer Care Software | 2025-04-11 | 9.3 HIGH | N/A |
| A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-2404 and CVE-2011-4787. | |||||