Export limit exceeded: 13849 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 14263 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 19553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (19553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43598 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2025-04-14 | 8.1 High |
| Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities.This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`. | ||||
| CVE-2022-4515 | 3 Debian, Exuberant Ctags Project, Redhat | 3 Debian Linux, Exuberant Ctags, Enterprise Linux | 2025-04-14 | 7.8 High |
| A flaw was found in Exuberant Ctags in the way it handles the "-o" option. This option specifies the tag filename. A crafted tag filename specified in the command line or in the configuration file results in arbitrary command execution because the externalSortTags() in sort.c calls the system(3) function in an unsafe way. | ||||
| CVE-2022-46600 | 1 Trendnet | 2 Tew-755ap, Tew-755ap Firmware | 2025-04-14 | 9.8 Critical |
| TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the wps_sta_enrollee_pin parameter in the action set_sta_enrollee_pin_24g function. | ||||
| CVE-2022-40005 | 1 Intelbras | 2 Wifiber 120ac Inmesh, Wifiber 120ac Inmesh Firmware | 2025-04-14 | 8.8 High |
| Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | ||||
| CVE-2022-41981 | 2 Debian, Openimageio | 2 Debian Linux, Openimageio | 2025-04-14 | 8.1 High |
| A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-26055 | 2025-04-14 | 6.5 Medium | ||
| An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function. | ||||
| CVE-2022-4291 | 1 Avast | 1 Script Shield | 2025-04-14 | 7.7 High |
| The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. | ||||
| CVE-2022-4221 | 1 Asus | 2 Nas-m25, Nas-m25 Firmware | 2025-04-14 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Asus NAS-M25 allows an unauthenticated attacker to inject arbitrary OS commands via unsanitized cookie values.This issue affects NAS-M25: through 1.0.1.7. | ||||
| CVE-2025-28256 | 1 Totolink | 2 A3100r, A3100r Firmware | 2025-04-14 | 9.8 Critical |
| An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so. | ||||
| CVE-2022-3664 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical has been found in Axiomatic Bento4. Affected is the function AP4_BitStream::WriteBytes of the file Ap4BitStream.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212004. | ||||
| CVE-2022-3665 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. | ||||
| CVE-2022-3667 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. | ||||
| CVE-2022-3670 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. | ||||
| CVE-2016-1320 | 1 Cisco | 1 Prime Collaboration | 2025-04-12 | N/A |
| The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users to execute arbitrary OS commands as root by leveraging administrator privileges, aka Bug ID CSCux69286. | ||||
| CVE-2015-8820 | 6 Adobe, Apple, Google and 3 more | 16 Air, Air Desktop Runtime, Air Sdk and 13 more | 2025-04-12 | 8.8 High |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658. | ||||
| CVE-2014-1528 | 7 Canonical, Fedoraproject, Microsoft and 4 more | 8 Ubuntu Linux, Fedora, Windows and 5 more | 2025-04-12 | N/A |
| The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element. | ||||
| CVE-2015-8818 | 2 Qemu, Redhat | 2 Qemu, Openstack | 2025-04-12 | 5.5 Medium |
| The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. | ||||
| CVE-2015-0977 | 1 Network Vision | 1 Intravue | 2025-04-12 | N/A |
| Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2015-8652 | 6 Adobe, Apple, Google and 3 more | 16 Air, Air Desktop Runtime, Air Sdk and 13 more | 2025-04-12 | 8.8 High |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. | ||||
| CVE-2016-2876 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes unspecified processes at an incorrect privilege level, which makes it easier for remote authenticated users to obtain root access by leveraging a command-injection issue. | ||||