Export limit exceeded: 364909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (3295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-4138 8 Adobe, Apple, Google and 5 more 17 Flash Player, Flash Player Desktop Runtime, Macos and 14 more 2025-04-12 9.8 Critical
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2016-4139 8 Adobe, Apple, Google and 5 more 17 Flash Player, Flash Player Desktop Runtime, Macos and 14 more 2025-04-12 8.8 High
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.
CVE-2014-8169 3 Automount Project, Opensuse, Redhat 7 Automount, Opensuse, Enterprise Linux and 4 more 2025-04-12 N/A
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
CVE-2014-8157 4 Debian, Jasper Project, Opensuse and 1 more 5 Debian Linux, Jasper, Opensuse and 2 more 2025-04-12 N/A
Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2000 image, which triggers a heap-based buffer overflow.
CVE-2014-8154 2 Gnome, Opensuse 2 Vala, Opensuse 2025-04-12 N/A
The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect buffer length declaration for the Gstreamer bindings, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which trigger a heap-based buffer overflow.
CVE-2014-8148 2 Midgard-project, Opensuse 2 Midgard2, Opensuse 2025-04-12 N/A
The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root privileges.
CVE-2014-8132 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet.
CVE-2014-9601 4 Fedoraproject, Opensuse, Oracle and 1 more 4 Fedora, Opensuse, Solaris and 1 more 2025-04-12 N/A
Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.
CVE-2014-9744 2 Opensuse, Polarssl 2 Opensuse, Polarssl 2025-04-12 N/A
Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of ClientHello messages. NOTE: this identifier was SPLIT from CVE-2014-8628 per ADT3 due to different affected versions.
CVE-2015-0349 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039.
CVE-2014-3169 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2025-04-12 N/A
Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.
CVE-2015-0833 3 Microsoft, Mozilla, Opensuse 6 Windows, Firefox, Firefox Esr and 3 more 2025-04-12 N/A
Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll.
CVE-2015-1196 3 Gnu, Opensuse, Oracle 3 Patch, Opensuse, Solaris 2025-04-12 N/A
GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2014-3168 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2025-04-12 N/A
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.
CVE-2015-4144 2 Opensuse, W1.fi 3 Opensuse, Hostapd, Wpa Supplicant 2025-04-12 N/A
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
CVE-2014-2978 3 Directfb, Opensuse, Suse 6 Directfb, Opensuse, Linux Enterprise Desktop and 3 more 2025-04-12 N/A
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
CVE-2014-3730 4 Canonical, Debian, Djangoproject and 1 more 4 Ubuntu Linux, Debian Linux, Django and 1 more 2025-04-12 N/A
The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly validate URLs, which allows remote attackers to conduct open redirect attacks via a malformed URL, as demonstrated by "http:\\\djangoproject.com."
CVE-2015-5828 2 Apple, Opensuse 2 Safari, Leap 2025-04-12 N/A
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
CVE-2014-2913 2 Nagios, Opensuse 2 Remote Plugin Executor, Opensuse 2025-04-12 N/A
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to libexec/check_nrpe. NOTE: this issue is disputed by multiple parties. It has been reported that the vendor allows newlines as "expected behavior." Also, this issue can only occur when the administrator enables the "dont_blame_nrpe" option in nrpe.conf despite the "HIGH security risk" warning within the comments
CVE-2015-8842 1 Opensuse 1 Opensuse 2025-04-12 N/A
tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions for /var/log/journal/%m/system.journal, which allows local users to obtain sensitive information by reading the file.