| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. |
| SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information via an InfoStore query to a CORBA listener. |
| Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote authenticated users to obtain sensitive information via a request to the RSDU_CCMS_GET_PROFILE_PARAM RFC function. |
| XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 allows remote attackers to read arbitrary files via the xmlParameter parameter in an explorationSpaceUpdate request. |
| The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. |
| The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. |
| Untrusted search path vulnerability in Corel Painter 2015 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wacommt.dll file that is located in the same folder as the file being processed. |
| Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) FxManagedCommands_3.08_9.tx or (2) TD_Mgd_3.08_9.dll file in the current working directory. |
| Untrusted search path vulnerability in Corel PDF Fusion allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse quserex.dll file that is located in the same folder as the file being processed. |
| Untrusted search path vulnerability in Corel VideoStudio PRO X7 or FastFlick allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse u32ZLib.dll file that is located in the same folder as the file being processed. |
| Multiple untrusted search path vulnerabilities in Corel FastFlick allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) igfxcmrt32.dll, (2) ipl.dll, (3) MSPStyleLib.dll, (4) uFioUtil.dll, (5) uhDSPlay.dll, (6) uipl.dll, (7) uvipl.dll, (8) VC1DecDll.dll, or (9) VC1DecDll_SSE3.dll file that is located in the same folder as the file being processed. |
| Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-3077 and CVE-2015-3084. |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows attackers to execute arbitrary code via unspecified vectors. |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8455 and CVE-2014-9165. |
| Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8454 and CVE-2014-9165. |
| CA Cloud Service Management (CSM) before Summer 2014 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
| Untrusted search path vulnerability in CmnView.exe in CIMON CmnView 2.14.0.1 and 3.x before UltimateAccess 3.02 allows local users to gain privileges via a Trojan horse DLL in the current working directory. |
| Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
| Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
| Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via the url parameter. |
