Export limit exceeded: 11932 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347327 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-8039 | 1 Samsung | 1 Smartviewer | 2025-04-12 | N/A |
| Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference. | ||||
| CVE-2012-5877 | 1 Nero | 1 Mediahome | 2025-04-12 | N/A |
| Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name. | ||||
| CVE-2015-7988 | 1 Apple | 6 Airport Base Station, Airport Base Station Firmware, Iphone Os and 3 more | 2025-04-12 | N/A |
| The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||||
| CVE-2015-3047 | 3 Adobe, Apple, Microsoft | 4 Acrobat, Acrobat Reader, Mac Os X and 1 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | ||||
| CVE-2015-3039 | 7 Adobe, Apple, Linux and 4 more | 12 Flash Player, Mac Os X, Linux Kernel and 9 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. | ||||
| CVE-2016-4556 | 4 Canonical, Oracle, Redhat and 1 more | 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x before 4.0.10 allows remote servers to cause a denial of service (crash) via a crafted Edge Side Includes (ESI) response. | ||||
| CVE-2015-3026 | 3 Debian, Opensuse, Xiph | 3 Debian Linux, Opensuse, Icecast | 2025-04-12 | N/A |
| Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg." | ||||
| CVE-2015-2994 | 1 Sysaid | 1 Sysaid | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. | ||||
| CVE-2015-2378 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Microsoft Excel DLL Remote Code Execution Vulnerability." | ||||
| CVE-2015-2368 | 1 Microsoft | 5 Windows 7, Windows 8.1, Windows Rt 8.1 and 2 more | 2025-04-12 | N/A |
| Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Windows DLL Remote Code Execution Vulnerability." | ||||
| CVE-2016-4541 | 4 Fedoraproject, Opensuse, Php and 1 more | 4 Fedora, Leap, Php and 1 more | 2025-04-12 | N/A |
| The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | ||||
| CVE-2015-2346 | 1 Huawei | 1 Seq Analyst | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | ||||
| CVE-2013-0250 | 1 Corosync | 1 Corosync | 2025-04-12 | N/A |
| The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet. | ||||
| CVE-2015-2296 | 3 Canonical, Mageia Project, Python | 3 Ubuntu Linux, Mageia, Requests | 2025-04-12 | N/A |
| The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. | ||||
| CVE-2015-2215 | 1 Services Single Sign-on Server Helper Project | 1 Services Single Sign-on Server Helper | 2025-04-12 | N/A |
| Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | ||||
| CVE-2016-4540 | 4 Fedoraproject, Opensuse, Php and 1 more | 4 Fedora, Leap, Php and 1 more | 2025-04-12 | N/A |
| The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c in PHP before 5.5.35, 5.6.x before 5.6.21, and 7.x before 7.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a negative offset. | ||||
| CVE-2015-2194 | 1 Digitalnature | 1 Fusion | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. | ||||
| CVE-2015-2167 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2025-04-12 | N/A |
| Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | ||||
| CVE-2015-1587 | 1 Maarch | 2 Gec\/ged, Letterbox | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. | ||||
| CVE-2015-7924 | 1 Ewon | 1 Ewon Firmware | 2025-04-12 | N/A |
| eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. | ||||