Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-9424 1 Openbsd 1 Libressl 2025-04-12 N/A
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering a certain length-verification error during processing of a DTLS handshake.
CVE-2014-9473 1 Deliciousdays 1 Cformsii 2025-04-12 N/A
Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.
CVE-2014-9647 1 Google 1 Chrome 2025-04-12 N/A
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a different vulnerability than CVE-2015-1205.
CVE-2015-0328 5 Adobe, Apple, Linux and 2 more 5 Flash Player, Mac Os X, Linux Kernel and 2 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2015-0325 and CVE-2015-0326.
CVE-2015-0341 5 Adobe, Apple, Linux and 2 more 5 Flash Player, Mac Os X, Linux Kernel and 2 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0342.
CVE-2015-0342 5 Adobe, Apple, Linux and 2 more 5 Flash Player, Mac Os X, Linux Kernel and 2 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0341.
CVE-2015-0349 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2025-04-12 N/A
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039.
CVE-2015-0536 1 Dell 2 Bsafe, Bsafe Ssl-c 2025-04-12 7.5 High
EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allow remote attackers to cause a denial of service (daemon crash) via a ClientKeyExchange message with a length of zero, a similar issue to CVE-2015-1787.
CVE-2015-0544 1 Emc 1 Secure Remote Services 2025-04-12 N/A
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.
CVE-2015-1042 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing attacks via a URL with a ":/" (colon slash) separator in the return parameter to login_page.php, a different vulnerability than CVE-2014-6316.
CVE-2015-1051 2 Context Project, Fedoraproject 2 Context, Fedora 2025-04-12 N/A
Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter.
CVE-2015-1137 1 Apple 1 Mac Os X 2025-04-12 N/A
The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type.
CVE-2015-1143 1 Apple 1 Mac Os X 2025-04-12 N/A
LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a "type confusion" issue.
CVE-2015-1188 1 Swisscom 2 Centro Grande, Centro Grande Firmware 2025-04-12 N/A
The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.
CVE-2015-1993 1 Ibm 1 Security Qradar Incident Forensics 2025-04-12 N/A
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session.
CVE-2015-2014 1 Ibm 1 Domino 2025-04-12 N/A
Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or cross-site scripting (XSS) attacks via a crafted URL, aka SPR SJAR9DNGDA.
CVE-2015-2713 4 Mozilla, Novell, Opensuse and 1 more 8 Firefox, Firefox Esr, Thunderbird and 5 more 2025-04-12 N/A
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text.
CVE-2015-2812 1 Sap 1 Netweaver Enterprise Portal 2025-04-12 N/A
XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2093966.
CVE-2015-2811 1 Sap 1 Netweaver Enterprise Portal 2025-04-12 N/A
XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2111939.
CVE-2015-2813 1 Sap 1 Mobile Platform 2025-04-12 N/A
XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358.