Total
29609 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9165 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-8455. | |||||
| CVE-2014-8132 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 5.0 MEDIUM | N/A |
| Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. | |||||
| CVE-2014-0170 | 2 Jboss, Redhat | 2 Teiid, Jboss Data Virtualization | 2025-04-12 | 4.3 MEDIUM | N/A |
| Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XML External Entity (XXE) issue. | |||||
| CVE-2014-1216 | 1 Fitnesse | 1 Fitnesse Wiki | 2025-04-12 | 7.5 HIGH | N/A |
| FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page. | |||||
| CVE-2014-0152 | 2 Ovirt, Redhat | 2 Ovirt, Ovirt-engine | 2025-04-12 | 6.8 MEDIUM | N/A |
| Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors. | |||||
| CVE-2014-0236 | 1 Php | 1 Php | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| file before 5.18, as used in the Fileinfo component in PHP before 5.6.0, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a zero root_storage value in a CDF file, related to cdf.c and readcdf.c. | |||||
| CVE-2015-7642 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7639, CVE-2015-7640, CVE-2015-7641, CVE-2015-7643, and CVE-2015-7644. | |||||
| CVE-2015-1136 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code by leveraging improper use of a mutex. | |||||
| CVE-2015-7296 | 1 Securifi | 4 Almond, Almond-2015, Almond-2015 Firmware and 1 more | 2025-04-12 | 4.3 MEDIUM | N/A |
| Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query performed on behalf of the device itself, which makes it easier for remote attackers to spoof responses by including this ID value, as demonstrated by a response containing the address of the firmware update server, a different vulnerability than CVE-2015-2914. | |||||
| CVE-2016-2184 | 3 Canonical, Linux, Novell | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 7 more | 2025-04-12 | 4.9 MEDIUM | 4.6 MEDIUM |
| The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor. | |||||
| CVE-2015-5573 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." | |||||
| CVE-2015-4134 | 1 Phpwind | 1 Phpwind | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||||
| CVE-2016-4541 | 3 Fedoraproject, Opensuse, Php | 3 Fedora, Leap, Php | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
| The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | |||||
| CVE-2014-8613 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 7.8 HIGH | N/A |
| The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before p9, and 8.4 before p23 allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted RE_CONFIG chunk. | |||||
| CVE-2014-9403 | 1 Znc | 1 Znc | 2025-04-12 | 4.0 MEDIUM | N/A |
| The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error. | |||||
| CVE-2014-1750 | 1 Nokia Maps \& Places Project | 1 Nokia Maps \& Places | 2025-04-12 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the href parameter to page/place.html. NOTE: this was originally reported as a cross-site scripting (XSS) vulnerability, but this may be inaccurate. | |||||
| CVE-2015-3122 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3119, CVE-2015-3120, CVE-2015-3121, and CVE-2015-4433. | |||||
| CVE-2014-1759 | 1 Microsoft | 1 Publisher | 2025-04-12 | 9.3 HIGH | N/A |
| pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference and application crash) via a crafted .pub file, aka "Arbitrary Pointer Dereference Vulnerability." | |||||
| CVE-2014-3320 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | 5.8 MEDIUM | N/A |
| Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835. | |||||
| CVE-2015-8789 | 1 Matroska | 1 Libebml | 2025-04-12 | 9.3 HIGH | 9.6 CRITICAL |
| Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" followed by another element of an upper level in an EBML document. | |||||