Total
29869 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3232 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter.
|
|||||
| CVE-2015-0868 | 1 Shiromuku | 1 Bu2 Bbs | 2025-04-12 | 7.5 HIGH | N/A |
|
Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file.
|
|||||
| CVE-2015-5557 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE- ...
Show More |
|||||
| CVE-2015-3047 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors.
|
|||||
| CVE-2015-3118 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015- ...
Show More |
|||||
| CVE-2016-5655 | 1 Misys | 1 Fusioncapital Opics Plus | 2025-04-12 | 4.3 MEDIUM | 5.9 MEDIUM |
|
Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.
|
|||||
| CVE-2013-4489 | 1 Gitlab | 1 Gitlab | 2025-04-12 | 6.5 MEDIUM | N/A |
|
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
|
|||||
| CVE-2015-7639 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK & Compiler before 19.0.0.213 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-7629, CVE-2015-7631, CVE-2015-7635, CVE-2015-7636, CVE-2015-7637, CVE-2015-7638, CVE-2015-7640, CVE-2015-7641, CVE-2015-7642, CVE-201 ...
Show More |
|||||
| CVE-2014-2247 | 1 Siemens | 1 Simatic S7-1500 Cpu Firmware | 2025-04-12 | 5.8 MEDIUM | N/A |
|
The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 allows remote attackers to inject headers via unspecified vectors.
|
|||||
| CVE-2015-2925 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2025-04-12 | 6.9 MEDIUM | N/A |
|
The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a "double-chroot attack."
|
|||||
| CVE-2014-3574 | 1 Apache | 1 Poi | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) attack.
|
|||||
| CVE-2015-4091 | 1 Sap | 1 Sap Netweaver Application Server Java | 2025-04-12 | 7.5 HIGH | N/A |
|
XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to tc~sld~wd~main/Main, related to "CIM UPLOAD," aka SAP Security Note 2090851.
|
|||||
| CVE-2014-4419 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | 1.9 LOW | N/A |
|
The network-statistics interface in the kernel in Apple iOS before 8 and Apple TV before 7 does not properly initialize memory, which allows attackers to obtain sensitive memory-content and memory-layout information via a crafted application, a different vulnerability than CVE-2014-4371, CVE-2014-4420, and CVE-2014-4421.
|
|||||
| CVE-2015-3084 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk \& Compiler and 4 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3086.
|
|||||
| CVE-2015-1295 | 1 Google | 1 Chrome | 2025-04-12 | 7.5 HIGH | N/A |
|
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.
|
|||||
| CVE-2014-0925 | 1 Ibm | 1 Sterling Control Center | 2025-04-12 | 3.5 LOW | N/A |
|
Open redirect vulnerability in IBM Sterling Control Center 5.4.0 before 5.4.0.1 iFix 3 and 5.4.1 before 5.4.1.0 iFix 2 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL.
|
|||||
| CVE-2014-8894 | 1 Ibm | 1 Tririga Application Platform | 2025-04-12 | 4.9 MEDIUM | N/A |
|
Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via the out parameter.
|
|||||
| CVE-2016-4102 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1045, CVE-2016-1046, CVE-2016-1047, CVE-2016-1048, CVE-2016-1049, CVE-2016-1050, CVE-2016-1051, CVE-2016-1052, CVE-2016-1053, CVE-2016-1054, CVE-2016-1055, CVE-2016-1056, CVE- ...
Show More |
|||||
| CVE-2015-0512 | 1 Emc | 1 Unisphere Central | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter.
|
|||||
| CVE-2016-3951 | 4 Canonical, Linux, Novell and 1 more | 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more | 2025-04-12 | 4.9 MEDIUM | 4.6 MEDIUM |
|
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
|
|||||
| CVE-2015-3326 | 1 Trend Micro | 1 Scanmail | 2025-04-12 | 5.0 MEDIUM | N/A |
|
Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predictable values, which makes it easier for remote attackers to bypass authentication via a brute force attack.
|
|||||
| CVE-2015-1051 | 2 Context Project, Fedoraproject | 2 Context, Fedora | 2025-04-12 | 5.8 MEDIUM | N/A |
|
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
|
|||||
| CVE-2016-2003 | 1 Hp | 2 P9000 Command View Advanced Edition Software, Xp7 Command View Advanced Edition Suite | 2025-04-12 | 7.5 HIGH | 9.8 CRITICAL |
|
HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x before 8.4.0-00 and XP7 CVAE 7.x and 8.x before 8.4.0-00 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
|
|||||
| CVE-2015-2264 | 1 Telerik | 1 Analytics Monitor Library | 2025-04-12 | 6.9 MEDIUM | N/A |
|
Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) swift.dll, (c) nfhwcrhk.dll, or (d) surewarehook.dll file in an unspecified directory.
|
|||||
| CVE-2015-5570 | 5 Adobe, Apple, Google and 2 more | 8 Air, Air Sdk, Air Sdk \& Compiler and 5 more | 2025-04-12 | 10.0 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5574, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.
|
|||||
| CVE-2016-2175 | 2 Apache, Debian | 2 Pdfbox, Debian Linux | 2025-04-12 | 7.5 HIGH | 7.8 HIGH |
|
Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted PDF.
|
|||||
| CVE-2015-8042 | 5 Adobe, Apple, Google and 2 more | 9 Air, Air Sdk, Air Sdk \& Compiler and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
|
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK & Compiler before 19.0.0.241 allows attackers to execute arbitrary code via a crafted loadSound call, a different vulnerability than CVE-2015-7651, CVE-2015-7652, CVE-2015-7653, CVE-2015-7654, CVE-2015-7655, CVE-2015-7656, CVE-2015-7657, CVE-2015-7658, CVE-2015-7660, CV ...
Show More |
|||||
| CVE-2014-2054 | 2 Owncloud, Phpexcel Project | 2 Owncloud Server, Phpexcel | 2025-04-12 | 7.5 HIGH | N/A |
|
PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
|
|||||
| CVE-2014-9326 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more | 2025-04-12 | 4.3 MEDIUM | N/A |
|
The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0, and PEM 11.3.0 through 11.6.0 and the (2) Call Home feature in ASM 10.0.0 through 11.6.0 and PEM 11.3.0 through 11.6.0 does not properly validate server SSL certificates, which allows remote attackers to conduct man-in-the-middle attacks via a crafted certificate.
|
|||||
| CVE-2014-3069 | 1 Ibm | 1 Curam Social Program Management | 2025-04-12 | 3.5 LOW | N/A |
|
Multiple CRLF injection vulnerabilities in the Universal Access component in IBM Curam Social Program Management (SPM) 6.0.5.5, when WebSphere Application Server is not used, allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified parameters.
|
|||||
| CVE-2014-5354 | 1 Mit | 2 Kerberos, Kerberos 5 | 2025-04-12 | 3.5 LOW | N/A |
|
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) by creating a database entry for a keyless principal, as demonstrated by a kadmin "add_principal -nokey" or "purgekeys -all" command.
|
|||||
| CVE-2014-3389 | 1 Cisco | 1 Asa | 2025-04-12 | 9.0 HIGH | N/A |
|
The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 before 8.2(5.51), 8.3 before 8.3(2.42), 8.4 before 8.4(7.23), 8.6 before 8.6(1.15), 9.0 before 9.0(4.24), 9.1 before 9.1(5.12), 9.2 before 9.2(2.6), and 9.3 before 9.3(1.1) does not properly implement a tunnel filter, which allows remote authenticated users to obtain failover-unit access via crafted packets, aka Bug ID CSCuq28582.
|
|||||
| CVE-2016-2099 | 2 Apache, Opensuse | 2 Xerces-c\+\+, Opensuse | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 3.1.3 and earlier allows context-dependent attackers to have unspecified impact via an invalid character in an XML document.
|
|||||
| CVE-2014-1956 | 1 Fortinet | 1 Fortiweb | 2025-04-12 | 5.0 MEDIUM | N/A |
|
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
|
|||||
| CVE-2015-5458 | 1 Pivotx | 1 Pivotx | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter.
|
|||||
| CVE-2013-4546 | 1 Gitlab | 2 Gitlab, Gitlab-shell | 2025-04-12 | 6.5 MEDIUM | N/A |
|
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
|
|||||
| CVE-2016-4014 | 1 Sap | 1 Netweaver | 2025-04-12 | 9.0 HIGH | 8.6 HIGH |
|
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
|
|||||
| CVE-2015-8474 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2025-04-12 | 5.8 MEDIUM | 7.4 HIGH |
|
Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted back_url parameter, as demonstrated by "@attacker.com," a different vulnerability than CVE-2014-1985.
|
|||||
| CVE-2016-2780 | 1 Huawei | 1 Utps Firmware | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
|
Untrusted search path vulnerability in Huawei UTPS before UTPS-V200R003B015D15SP00C983 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL in an unspecified directory.
|
|||||
| CVE-2015-4603 | 2 Php, Redhat | 8 Php, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2025-04-12 | 10.0 HIGH | 9.8 CRITICAL |
|
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
|
|||||