Export limit exceeded: 23296 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23296 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5699 | 2 Python, Redhat | 3 Python, Enterprise Linux, Rhel Software Collections | 2025-04-12 | N/A |
| CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPython (aka Python) before 2.7.10 and 3.x before 3.4.4 allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in a URL. | ||||
| CVE-2016-2821 | 5 Canonical, Debian, Mozilla and 2 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-12 | N/A |
| Use-after-free vulnerability in the mozilla::dom::Element class in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2, when contenteditable mode is enabled, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by triggering deletion of DOM elements that were created in the editor. | ||||
| CVE-2016-2831 | 5 Canonical, Debian, Mozilla and 2 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2025-04-12 | N/A |
| Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (UI outage), or conduct clickjacking or spoofing attacks, via a crafted web site. | ||||
| CVE-2016-3075 | 5 Canonical, Fedoraproject, Gnu and 2 more | 5 Ubuntu Linux, Fedora, Glibc and 2 more | 2025-04-12 | N/A |
| Stack-based buffer overflow in the nss_dns implementation of the getnetbyname function in GNU C Library (aka glibc) before 2.24 allows context-dependent attackers to cause a denial of service (stack consumption and application crash) via a long name. | ||||
| CVE-2014-4199 | 2 Redhat, Vmware | 4 Enterprise Linux, Tools, Vm-support and 1 more | 2025-04-12 | N/A |
| vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp. | ||||
| CVE-2014-3676 | 1 Redhat | 2 Enterprise Linux, Shim | 2025-04-12 | N/A |
| Heap-based buffer overflow in Shim allows remote attackers to execute arbitrary code via a crafted IPv6 address, related to the "tftp:// DHCPv6 boot option." | ||||
| CVE-2014-3675 | 1 Redhat | 2 Enterprise Linux, Shim | 2025-04-12 | N/A |
| Shim allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted DHCPv6 packet. | ||||
| CVE-2016-3500 | 2 Oracle, Redhat | 6 Jdk, Jre, Jrockit and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. | ||||
| CVE-2014-3669 | 2 Php, Redhat | 4 Php, Enterprise Linux, Rhel Eus and 1 more | 2025-04-12 | N/A |
| Integer overflow in the object_custom function in ext/standard/var_unserializer.c in PHP before 5.4.34, 5.5.x before 5.5.18, and 5.6.x before 5.6.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an argument to the unserialize function that triggers calculation of a large length value. | ||||
| CVE-2016-4449 | 4 Canonical, Debian, Redhat and 1 more | 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in the xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.4, when not in validating mode, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via unspecified vectors. | ||||
| CVE-2014-4220 | 2 Oracle, Redhat | 4 Jdk, Jre, Rhel Extras and 1 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208. | ||||
| CVE-2016-3717 | 3 Canonical, Imagemagick, Redhat | 11 Ubuntu Linux, Imagemagick, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image. | ||||
| CVE-2016-1838 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-04-12 | N/A |
| The xmlPArserPrintFileContextInternal function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||||
| CVE-2014-4252 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | ||||
| CVE-2016-1833 | 6 Apple, Canonical, Debian and 3 more | 16 Iphone Os, Mac Os X, Tvos and 13 more | 2025-04-12 | N/A |
| The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document. | ||||
| CVE-2016-0974 | 6 Adobe, Apple, Google and 3 more | 14 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 11 more | 2025-04-12 | 8.8 High |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984. | ||||
| CVE-2016-5542 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. | ||||
| CVE-2014-5029 | 3 Apple, Canonical, Redhat | 3 Cups, Ubuntu Linux, Enterprise Linux | 2025-04-12 | N/A |
| The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3537. | ||||
| CVE-2014-2525 | 3 Opensuse, Pyyaml, Redhat | 6 Leap, Opensuse, Libyaml and 3 more | 2025-04-12 | N/A |
| Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. | ||||
| CVE-2016-5554 | 2 Oracle, Redhat | 6 Jdk, Jre, Enterprise Linux and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. | ||||