Search Results (21035 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1528 7 Canonical, Fedoraproject, Microsoft and 4 more 8 Ubuntu Linux, Fedora, Windows and 5 more 2025-04-12 N/A
The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo in Mozilla Firefox 28.0 and SeaMonkey 2.25 on Windows, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write and application crash) by painting on a CANVAS element.
CVE-2014-3181 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 N/A
Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event.
CVE-2015-7426 1 Ibm 2 Spectrum Protect For Virtual Environments, Spectrum Protect Snapshot 2025-04-12 N/A
The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 and Tivoli Storage FlashCopy Manager for VMware (aka Spectrum Protect Snapshot) 4.1 before 4.1.3.0 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2016-0964 6 Adobe, Apple, Google and 3 more 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more 2025-04-12 8.8 High
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.
CVE-2015-8024 1 Mcafee 1 Mcafee Enterprise Security Manager 2025-04-12 N/A
McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) 9.3.x before 9.3.2MR19, 9.4.x before 9.4.2MR9, and 9.5.x before 9.5.0MR8, when configured to use Active Directory or LDAP authentication sources, allow remote attackers to bypass authentication by logging in with the username "NGCP|NGCP|NGCP;" and any password.
CVE-2014-1525 4 Canonical, Fedoraproject, Mozilla and 1 more 5 Ubuntu Linux, Fedora, Firefox and 2 more 2025-04-12 N/A
The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document.
CVE-2016-2533 3 Debian, Python, Python Imaging Project 3 Debian Linux, Pillow, Python Imaging 2025-04-12 N/A
Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in Pillow before 3.1.1 and Python Imaging Library (PIL) 1.1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted PhotoCD file.
CVE-2016-0981 6 Adobe, Apple, Google and 3 more 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more 2025-04-12 8.8 High
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, and CVE-2016-0980.
CVE-2016-7127 2 Php, Redhat 2 Php, Rhel Software Collections 2025-04-12 N/A
The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact by providing different signs for the second and third arguments.
CVE-2014-6184 4 Apple, Ibm, Linux and 1 more 4 Macos, Tivoli Storage Manager, Linux Kernel and 1 more 2025-04-12 N/A
Stack-based buffer overflow in dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4 through 5.4.3.6, 5.5 through 5.5.4.3, 6.1 through 6.1.5.6, 6.2 before 6.2.5.4, and 6.3 before 6.3.2.3 on UNIX, Linux, and OS X allows local users to gain privileges via unspecified vectors.
CVE-2014-9284 1 Buffalotech 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more 2025-04-12 N/A
The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.
CVE-2013-2090 1 Uplawski 1 Creme Fraiche 2025-04-12 N/A
The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information.
CVE-2015-2845 1 Goautodial 1 Goadmin Ce 2025-04-12 N/A
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
CVE-2015-4279 1 Cisco 1 Unified Computing System 2025-04-12 N/A
The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) on B Blade Server devices allows local users to gain privileges for executing arbitrary CLI commands by leveraging access to the subordinate fabric interconnect, aka Bug ID CSCut32778.
CVE-2014-8767 2 Opensuse, Redhat 2 Opensuse, Tcpdump 2025-04-12 N/A
Integer underflow in the olsr_print function in tcpdump 3.9.6 through 4.6.2, when in verbose mode, allows remote attackers to cause a denial of service (crash) via a crafted length value in an OLSR frame.
CVE-2014-2565 1 Bluecoat 2 Content Analysis System, Content Analysis System Software 2025-04-12 N/A
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection."
CVE-2013-0662 2 Schneider-electric, Schneider Electric 13 Concept, Modbus Serial Driver, Modbuscommdtm Sl and 10 more 2025-04-12 N/A
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a Modbus Application Header.
CVE-2013-5758 1 Yealink 1 Sip-t38g 2025-04-12 N/A
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
CVE-2015-5690 1 Symantec 1 Web Gateway 2025-04-12 N/A
The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a "redirect."
CVE-2016-9675 2 Redhat, Uclouvain 5 Enterprise Linux, Enterprise Linux For Ibm Z Systems, Enterprise Linux For Power Big Endian and 2 more 2025-04-12 7.8 High
openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code.