Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1220 3 Canonical, Google, Redhat 7 Ubuntu Linux, Chrome, Enterprise Linux Desktop Supplementary and 4 more 2025-04-12 N/A
Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted frame size in a GIF image.
CVE-2015-1221 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp.
CVE-2015-1222 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a ServiceWorkerContextWrapper::DeleteAndStartOver call, related to the NotifyStartedCaching and NotifyFinishedCaching functions.
CVE-2012-5395 1 Mediawiki 1 Mediawiki 2025-04-12 N/A
Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centralauth_Session cookie.
CVE-2016-4831 1 Linecorp 2 Line, Line Installer 2025-04-12 N/A
Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2014-3782 1 Dotclear 1 Dotclear 2025-04-12 N/A
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) double extension or (2) .php5, (3) .phtml, or some other PHP file extension.
CVE-2014-3682 1 Redhat 3 Jboss Bpms, Jboss Brms, Jbpm-designer 2025-04-12 N/A
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file.
CVE-2016-3951 4 Canonical, Linux, Novell and 1 more 10 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Desktop and 7 more 2025-04-12 N/A
Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified other impact by inserting a USB device with an invalid USB descriptor.
CVE-2014-2888 1 Herry 1 Sfpagent 2025-04-12 N/A
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
CVE-2014-2891 2 Debian, Strongswan 2 Strongswan, Strongswan 2025-04-12 N/A
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
CVE-2014-2867 1 Paperthin 1 Commonspot Content Server 2025-04-12 N/A
Unrestricted file upload vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code by uploading a ColdFusion page, and then accessing it via unspecified vectors.
CVE-2014-2709 2 Cacti, Debian 2 Cacti, Debian Linux 2025-04-12 N/A
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
CVE-2014-2591 1 Bmc 1 Patrol Agent 2025-04-12 N/A
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
CVE-2014-2528 2 Kdirstat Project, Opensuse 2 Kdirstat, Opensuse 2025-04-12 N/A
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
CVE-2014-2516 1 Emc 1 Rsa Authentication Manager 2025-04-12 N/A
Open redirect vulnerability in EMC RSA Authentication Manager 8.x before 8.1 Patch 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
CVE-2014-2095 1 Catfish Project 1 Catfish 2025-04-12 N/A
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under the current working directory.
CVE-2014-2096 1 Catfish Project 1 Catfish 2025-04-12 N/A
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.
CVE-2014-2055 2 Fruux, Owncloud 2 Sabredav, Owncloud Server 2025-04-12 N/A
SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.
CVE-2014-2042 1 Livetecs 1 Timeline 2025-04-12 N/A
Unrestricted file upload vulnerability in the Manage Project functionality in Livetecs Timelive before 6.5.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a predictable directory in Uploads/.
CVE-2014-1956 1 Fortinet 1 Fortiweb 2025-04-12 N/A
CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.