Total
6255 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2010-2208 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Mac Os X and 2 more | 2025-04-11 | N/A |
| Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, dereference a heap object after this object's deletion, which allows attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2013-5093 | 1 Graphite Project | 1 Graphite | 2025-04-11 | N/A |
| The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object. | ||||
| CVE-2010-3329 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2025-04-11 | N/A |
| mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2011-4791 | 1 Hp | 1 Data Protector Media Operations | 2025-04-11 | N/A |
| DBServer.exe in HP Data Protector Media Operations 6.11 and earlier allows remote attackers to execute arbitrary code via a crafted request containing a large value in a length field. | ||||
| CVE-2010-1256 | 1 Microsoft | 5 Internet Information Server, Windows 2003 Server, Windows 7 and 2 more | 2025-04-11 | N/A |
| Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." | ||||
| CVE-2010-1737 | 1 Carlos Eduardo Sotelo Pinto | 1 0.1.0 | 2025-04-11 | N/A |
| PHP remote file inclusion vulnerability in core/includes/gfw_smarty.php in Gallo 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[gfwroot] parameter. | ||||
| CVE-2013-2134 | 1 Apache | 1 Struts | 2025-04-11 | N/A |
| Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. | ||||
| CVE-2010-1360 | 1 Boesch-it | 1 Faqengine | 2025-04-11 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in FAQEngine 4.24.00 allow remote attackers to execute arbitrary PHP code via a URL in the path_faqe parameter to (1) attachs.php, (2) backup.php, (3) badwords.php, (4) categories.php, (5) changepw.php, (6) colorchooser.php, (7) colorwheel.php, (8) dbfiles.php, (9) diraccess.php, (10) faq.php, (11) index.php, (12) kb.php, and (13) stats.php. | ||||
| CVE-2013-3129 | 1 Microsoft | 14 .net Framework, Lync, Lync Basic and 11 more | 2025-04-11 | 7.8 High |
| Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight 5 before 5.1.20513.0; win32k.sys in the kernel-mode drivers, and GDI+, DirectWrite, and Journal, in Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT; GDI+ in Office 2003 SP3, 2007 SP3, and 2010 SP1; GDI+ in Visual Studio .NET 2003 SP1; and GDI+ in Lync 2010, 2010 Attendee, 2013, and Basic 2013 allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability." | ||||
| CVE-2013-1777 | 2 Apache, Ibm | 2 Geronimo, Websphere Application Server | 2025-04-11 | N/A |
| The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. | ||||
| CVE-2010-1261 | 1 Microsoft | 6 Internet Explorer, Windows 2003 Server, Windows 7 and 3 more | 2025-04-11 | N/A |
| The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, and SP3 allows user-assisted remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2013-2950 | 1 Ibm | 1 Websphere Portal | 2025-04-11 | N/A |
| CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before 6.1.0.3 CF26, 6.1.5.x before 6.1.5 CF26, 7.0.0.x before 7.0.0.2 CF21, and 8.0.0.x through 8.0.0.1 CF5, when home substitution (aka uri.home.substitution) is enabled, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | ||||
| CVE-2011-3231 | 1 Apple | 3 Mac Os X, Mac Os X Server, Safari | 2025-04-11 | N/A |
| The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before 10.7 accesses uninitialized memory during the processing of X.509 certificates, which allows remote web servers to execute arbitrary code via a crafted certificate. | ||||
| CVE-2010-4572 | 1 Mozilla | 1 Bugzilla | 2025-04-11 | N/A |
| CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and 4.0.x before 4.0rc2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the query string, a different vulnerability than CVE-2010-2761 and CVE-2010-4411. | ||||
| CVE-2014-1202 | 2 Eviware, Smartbear | 2 Soapui, Soapui | 2025-04-11 | N/A |
| The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | ||||
| CVE-2011-4256 | 1 Realnetworks | 1 Realplayer | 2025-04-11 | N/A |
| The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors. | ||||
| CVE-2011-3397 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2025-04-11 | N/A |
| The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability." | ||||
| CVE-2010-1259 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | ||||
| CVE-2012-0011 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2025-04-11 | N/A |
| Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "HTML Layout Remote Code Execution Vulnerability." | ||||
| CVE-2012-0014 | 2 Apple, Microsoft | 9 Mac Os X, .net Framework, Silverlight and 6 more | 2025-04-11 | 7.8 High |
| Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability." | ||||