Export limit exceeded: 21036 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21036 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3665 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is an unknown functionality of the file AvcInfo.cpp of the component avcinfo. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212005 was assigned to this vulnerability. | ||||
| CVE-2022-3667 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability, which was classified as critical, was found in Axiomatic Bento4. This affects the function AP4_MemoryByteStream::WritePartial of the file Ap4ByteStream.cpp of the component mp42aac. The manipulation leads to heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212007. | ||||
| CVE-2022-3670 | 1 Axiosys | 1 Bento4 | 2025-04-14 | 7.3 High |
| A vulnerability was found in Axiomatic Bento4. It has been classified as critical. Affected is the function WriteSample of the component mp42hevc. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-212010 is the identifier assigned to this vulnerability. | ||||
| CVE-2014-3883 | 1 Webmin | 1 Usermin | 2025-04-12 | N/A |
| Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | ||||
| CVE-2013-2642 | 1 Sophos | 2 Web Appliance, Web Appliance Firmware | 2025-04-12 | N/A |
| Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation variable in a customized template, and remote authenticated users to execute arbitrary commands via shell metacharacters in the (2) url parameter to the Diagnostic Tools functionality or (3) entries parameter to the Local Site List functionality. | ||||
| CVE-2014-9284 | 1 Buffalotech | 14 Bhr-4grv2, Bhr-4grv2 Firmware, Wex-300 and 11 more | 2025-04-12 | N/A |
| The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, WHR-600D 1.60 and earlier, WHR-300HP2 1.60 and earlier, WMR-300 1.60 and earlier, WEX-300 1.60 and earlier, and BHR-4GRV2 1.04 and earlier routers allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2014-3085 | 1 Ibm | 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware | 2025-04-12 | N/A |
| systest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the lpres parameter. | ||||
| CVE-2013-4151 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image, which triggers an out-of-bounds write. | ||||
| CVE-2014-1525 | 4 Canonical, Fedoraproject, Mozilla and 1 more | 5 Ubuntu Linux, Fedora, Firefox and 2 more | 2025-04-12 | N/A |
| The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before 29.0 and SeaMonkey before 2.26 does not properly perform garbage collection for Text Track Manager variables, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) via a crafted VIDEO element in an HTML document. | ||||
| CVE-2014-0210 | 3 Canonical, Redhat, X | 3 Ubuntu Linux, Enterprise Linux, Libxfont | 2025-04-12 | N/A |
| Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs protocol reply to the (1) _fs_recv_conn_setup, (2) fs_read_open_font, (3) fs_read_query_info, (4) fs_read_extent_info, (5) fs_read_glyphs, (6) fs_read_list, or (7) fs_read_list_info function. | ||||
| CVE-2014-4345 | 2 Mit, Redhat | 2 Kerberos 5, Enterprise Linux | 2025-04-12 | N/A |
| Off-by-one error in the krb5_encode_krbsecretkey function in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the LDAP KDB module in kadmind in MIT Kerberos 5 (aka krb5) 1.6.x through 1.11.x before 1.11.6 and 1.12.x before 1.12.2 allows remote authenticated users to cause a denial of service (buffer overflow) or possibly execute arbitrary code via a series of "cpw -keepold" commands. | ||||
| CVE-2014-4326 | 1 Elastic | 1 Logstash | 2025-04-12 | N/A |
| Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/. | ||||
| CVE-2014-2874 | 1 Paperthin | 1 Commonspot Content Server | 2025-04-12 | N/A |
| PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context. | ||||
| CVE-2014-1578 | 2 Mozilla, Redhat | 3 Firefox, Thunderbird, Enterprise Linux | 2025-04-12 | N/A |
| The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird 31.x before 31.2 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly execute arbitrary code via WebM frames with invalid tile sizes that are improperly handled in buffering operations during video playback. | ||||
| CVE-2014-3181 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Enterprise Mrg | 2025-04-12 | N/A |
| Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. | ||||
| CVE-2014-3183 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| Heap-based buffer overflow in the logi_dj_ll_raw_request function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that specifies a large report size for an LED report. | ||||
| CVE-2014-3357 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allow remote attackers to cause a denial of service (device reload) via malformed mDNS packets, aka Bug ID CSCul90866. | ||||
| CVE-2014-3358 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before 3.3.2SE, 3.3.xXO before 3.3.1XO, 3.5.xE before 3.5.2E, and 3.11.xS before 3.11.1S allows remote attackers to cause a denial of service (memory consumption, and interface queue wedge or device reload) via malformed mDNS packets, aka Bug ID CSCuj58950. | ||||
| CVE-2014-0211 | 3 Canonical, Redhat, X | 3 Ubuntu Linux, Enterprise Linux, Libxfont | 2025-04-12 | N/A |
| Multiple integer overflows in the (1) fs_get_reply, (2) fs_alloc_glyphs, and (3) fs_read_extent_info functions in X.Org libXfont before 1.4.8 and 1.4.9x before 1.4.99.901 allow remote font servers to execute arbitrary code via a crafted xfs reply, which triggers a buffer overflow. | ||||
| CVE-2014-3121 | 1 Marc Lehmann | 1 Rxvt-unicode | 2025-04-12 | N/A |
| rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands. | ||||