Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-2361 | 1 Microsoft | 2 Windows 8.1, Windows Server 2012 | 2025-04-12 | 7.2 HIGH | N/A |
|
Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (buffer overflow) by leveraging guest OS privileges, aka "Hyper-V Buffer Overflow Vulnerability."
|
|||||
| CVE-2016-4097 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1077, CVE-2016-1078, CVE-2016-1080, CVE ...
Show More |
|||||
| CVE-2014-4337 | 1 Linuxfoundation | 1 Cups-filters | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The process_browse_data function in utils/cups-browsed.c in cups-browsed in cups-filters before 1.0.53 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted packet data.
|
|||||
| CVE-2014-3952 | 1 Freebsd | 1 Freebsd | 2025-04-12 | 4.9 MEDIUM | N/A |
|
FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
|
|||||
| CVE-2014-9765 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Opensuse and 1 more | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
Buffer overflow in the main_get_appheader function in xdelta3-main.h in xdelta3 before 3.0.9 allows remote attackers to execute arbitrary code via a crafted input file.
|
|||||
| CVE-2013-6474 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Heap-based buffer overflow in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows remote attackers to execute arbitrary code via a crafted PDF file.
|
|||||
| CVE-2015-3796 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | 7.5 HIGH | N/A |
|
The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted regular expression, a different vulnerability than CVE-2015-3797 and CVE-2015-3798.
|
|||||
| CVE-2016-1765 | 1 Apple | 1 Xcode | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
|
otool in Apple Xcode before 7.3 allows local users to gain privileges or cause a denial of service (memory corruption and application crash) via unspecified vectors.
|
|||||
| CVE-2016-3191 | 1 Pcre | 2 Pcre, Pcre2 | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.
|
|||||
| CVE-2015-6678 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676.
|
|||||
| CVE-2016-0154 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
|
|||||
| CVE-2016-6940 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE ...
Show More |
|||||
| CVE-2014-3583 | 3 Apache, Apple, Canonical | 4 Http Server, Mac Os X, Os X Server and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi module in the Apache HTTP Server 2.4.10 allows remote FastCGI servers to cause a denial of service (buffer over-read and daemon crash) via long response headers.
|
|||||
| CVE-2016-1007 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC Classic before 15.006.30121, and Acrobat and Acrobat Reader DC Continuous before 15.010.20060 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1009.
|
|||||
| CVE-2014-4086 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
|
|||||
| CVE-2015-3724 | 1 Apple | 1 Iphone Os | 2025-04-12 | 6.8 MEDIUM | N/A |
|
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
|
|||||
| CVE-2015-5816 | 1 Apple | 3 Iphone Os, Itunes, Safari | 2025-04-12 | 6.8 MEDIUM | N/A |
|
WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3.
|
|||||
| CVE-2015-2712 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | 7.5 HIGH | N/A |
|
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript.
|
|||||
| CVE-2016-6977 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE ...
Show More |
|||||
| CVE-2014-4080 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4089, CVE-2014-4091, and CVE-2014-4102.
|
|||||
| CVE-2014-2808 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-2796, CVE-2014-2825, CVE-2014-4050, CVE-2014-4055, and CVE-2014-4067.
|
|||||
| CVE-2016-1503 | 2 Dhcpcd Project, Google | 2 Dhcpcd, Android | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 and other products, mismanages option lengths, which allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a malformed DHCP response, aka internal bug 26461634.
|
|||||
| CVE-2016-0084 | 1 Microsoft | 1 Edge | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
|
|||||
| CVE-2015-7053 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2025-04-12 | 6.8 MEDIUM | N/A |
|
ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.
|
|||||
| CVE-2015-2372 | 1 Microsoft | 2 Internet Explorer, Vbscript | 2025-04-12 | 9.3 HIGH | N/A |
|
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
|
|||||
| CVE-2016-2807 | 3 Mozilla, Opensuse, Suse | 4 Firefox, Leap, Opensuse and 1 more | 2025-04-12 | 10.0 HIGH | 8.8 HIGH |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR 45.x before 45.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
|
|||||
| CVE-2014-4158 | 1 Senkas | 1 Kolibri | 2025-04-12 | 7.5 HIGH | N/A |
|
Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a GET request.
|
|||||
| CVE-2016-3990 | 2 Libtiff, Oracle | 2 Libtiff, Vm Server | 2025-04-12 | 6.8 MEDIUM | 7.8 HIGH |
|
Heap-based buffer overflow in the horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted TIFF image to tiffcp.
|
|||||
| CVE-2013-5365 | 1 Autodesk | 4 Sketchbook, Sketchbook Express, Sketchbook For Enterprise 2014 and 1 more | 2025-04-12 | 9.3 HIGH | N/A |
|
Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, Pro, and Express before 6.25, and Copic Edition before 2.0.2 allows remote attackers to execute arbitrary code via RLE-compressed channel data in a PSD file.
|
|||||
| CVE-2014-9448 | 1 Mini-stream | 1 Rm-mp3 Converter | 2025-04-12 | 7.5 HIGH | N/A |
|
Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file.
|
|||||
| CVE-2016-4602 | 1 Apple | 1 Mac Os X | 2025-04-12 | 6.8 MEDIUM | 8.8 HIGH |
|
QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.
|
|||||
| CVE-2016-4092 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4091.
|
|||||
| CVE-2014-3976 | 1 A10networks | 1 Advanced Core Operating System | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) before 2.7.0-p6 and 2.7.1 before 2.7.1-P1_55 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long session id in the URI to sys_reboot.html. NOTE: some of these details are obtained from third party information.
|
|||||
| CVE-2014-9265 | 1 Samsung | 1 Smartviewer | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
|
|||||
| CVE-2014-4049 | 3 Debian, Opensuse, Php | 3 Debian Linux, Opensuse, Php | 2025-04-12 | 5.1 MEDIUM | N/A |
|
Heap-based buffer overflow in the php_parserr function in ext/standard/dns.c in PHP 5.6.0beta4 and earlier allows remote servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS TXT record, related to the dns_get_record function.
|
|||||
| CVE-2014-4342 | 3 Debian, Mit, Redhat | 7 Debian Linux, Kerberos, Kerberos 5 and 4 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows remote attackers to cause a denial of service (buffer over-read or NULL pointer dereference, and application crash) by injecting invalid tokens into a GSSAPI application session.
|
|||||
| CVE-2015-6066 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6070, CVE-2015-6071, CVE-2015-6074, CVE-2015-6076, and CVE-2015-6087.
|
|||||
| CVE-2010-1442 | 1 Videolan | 1 Vlc Media Player | 2025-04-12 | 7.5 HIGH | N/A |
|
VideoLAN VLC media player before 1.0.6 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly execute arbitrary code via a crafted byte stream to the (1) AVI, (2) ASF, or (3) Matroska (aka MKV) demuxer.
|
|||||
| CVE-2014-2766 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1773, CVE-2014-1783, CVE-2014-1784, CVE-2014-1786, CVE-2014-1795, CVE-2014-1805, CVE-2014-2758, CVE-2014-2759, CVE-2014-2765, and CVE-2014-2775.
|
|||||
| CVE-2015-7829 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | 1.9 LOW | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete arbitrary files via Adobe Collaboration Sync, a related issue to CVE-2015-2428.
|
|||||