Search Results (25547 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-1297 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 through 8 does not properly restrict data access by VBScript, which allows remote attackers to perform cross-domain reading of JSON files via a crafted web site, aka "JSON Array Information Disclosure Vulnerability."
CVE-2012-0755 7 Adobe, Apple, Google and 4 more 7 Flash Player, Mac Os X, Android and 4 more 2025-04-11 N/A
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0756.
CVE-2010-2157 1 Microsoft 1 Windows 2025-04-11 N/A
Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, and r12.5 SP1 on Windows allows local users to obtain sensitive information via unknown vectors.
CVE-2010-1248 1 Microsoft 2 Excel, Office 2025-04-11 N/A
Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
CVE-2014-0289 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-0267 and CVE-2014-0290.
CVE-2012-0756 7 Adobe, Apple, Google and 4 more 7 Flash Player, Mac Os X, Android and 4 more 2025-04-11 N/A
Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows attackers to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2012-0755.
CVE-2010-1402 2 Apple, Microsoft 7 Mac Os X, Mac Os X Server, Safari and 4 more 2025-04-11 N/A
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
CVE-2010-0478 1 Microsoft 1 Windows 2000 2025-04-11 N/A
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
CVE-2010-1549 2 Hp, Microsoft 3 Loadrunner, Performance Center, Windows 2025-04-11 N/A
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
CVE-2010-1119 2 Apple, Microsoft 5 Iphone Os, Mac Os X, Mac Os X Server and 2 more 2025-04-11 N/A
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
CVE-2010-1098 1 Microsoft 2 Windows Vista, Windows Xp 2025-04-11 N/A
The ANI parser in Microsoft Windows before 7 on the x86 platform, as used in Internet Explorer and other applications, allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted biClrUsed value in the BITMAPINFO header of a .ANI file.
CVE-2010-1127 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 6 and 7 does not initialize certain data structures during execution of the createElement method, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted JavaScript code, as demonstrated by setting the (1) outerHTML or (2) value property of an object returned by createElement.
CVE-2011-0058 3 Microsoft, Mozilla, Redhat 4 Windows, Firefox, Seamonkey and 1 more 2025-04-11 N/A
Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey before 2.0.12, on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a long string that triggers construction of a long text run.
CVE-2011-2019 1 Microsoft 3 Internet Explorer, Windows 7, Windows Server 2008 2025-04-11 N/A
Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
CVE-2013-3875 1 Microsoft 1 Internet Explorer 2025-04-11 N/A
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2012-1942 2 Microsoft, Mozilla 4 Windows, Firefox, Seamonkey and 1 more 2025-04-11 N/A
The Mozilla Updater and Windows Updater Service in Mozilla Firefox 12.0, Thunderbird 12.0, and SeaMonkey 2.9 on Windows allow local users to gain privileges by loading a DLL file in a privileged context.
CVE-2011-2425 7 Adobe, Apple, Google and 4 more 8 Adobe Air, Flash Player, Mac Os X and 5 more 2025-04-11 N/A
Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2135, CVE-2011-2140, and CVE-2011-2417.
CVE-2009-3737 2 Microsoft, Oracle 2 Internet Explorer, Siebel Option Pack Ie Activex Control 2025-04-11 N/A
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
CVE-2010-4368 2 Awstats, Microsoft 2 Awstats, Windows 2025-04-11 N/A
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
CVE-2011-2004 1 Microsoft 2 Windows 7, Windows Server 2008 2025-04-11 N/A
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.