Export limit exceeded: 345525 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345525 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345525 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-1823 | 1 Google | 1 Android | 2026-04-21 | 7.8 High |
| The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local users to execute arbitrary code and gain root privileges via a negative index that bypasses a maximum-only signed integer check in the DirectVolume::handlePartitionAdded method, which triggers memory corruption, as demonstrated by Gingerbreak. | ||||
| CVE-2011-1889 | 1 Microsoft | 1 Forefront Threat Management Gateway | 2026-04-21 | 9.8 Critical |
| The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability." | ||||
| CVE-2011-2005 | 1 Microsoft | 2 Windows Server 2003, Windows Xp | 2026-04-21 | 7.8 High |
| afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability." | ||||
| CVE-2011-3402 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-21 | 8.8 High |
| Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability." | ||||
| CVE-2011-3544 | 4 Canonical, Oracle, Redhat and 1 more | 9 Ubuntu Linux, Jdk, Jre and 6 more | 2026-04-21 | 9.8 Critical |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting. | ||||
| CVE-2011-4723 | 1 Dlink | 1 Dir-300 | 2026-04-21 | 5.7 Medium |
| The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2012-0151 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2026-04-21 | 7.8 High |
| The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability." | ||||
| CVE-2012-0158 | 1 Microsoft | 10 Biztalk Server, Commerce Server, Commerce Server 2009 and 7 more | 2026-04-21 | 8.8 High |
| The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Office 2003 Web Components SP3; SQL Server 2000 SP4, 2005 SP4, and 2008 SP2, SP3, and R2; BizTalk Server 2002 SP1; Commerce Server 2002 SP4, 2007 SP2, and 2009 Gold and R2; Visual FoxPro 8.0 SP1 and 9.0 SP2; and Visual Basic 6.0 Runtime allow remote attackers to execute arbitrary code via a crafted (a) web site, (b) Office document, or (c) .rtf file that triggers "system state" corruption, as exploited in the wild in April 2012, aka "MSCOMCTL.OCX RCE Vulnerability." | ||||
| CVE-2012-0391 | 1 Apache | 1 Struts | 2026-04-21 | 9.8 Critical |
| The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL expressions during certain exception handling for mismatched data types of properties, which allows remote attackers to execute arbitrary Java code via a crafted parameter. | ||||
| CVE-2012-0507 | 5 Debian, Oracle, Redhat and 2 more | 10 Debian Linux, Jre, Enterprise Linux and 7 more | 2026-04-21 | 9.8 Critical |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Concurrency. NOTE: the previous information was obtained from the February 2012 Oracle CPU. Oracle has not commented on claims from a downstream vendor and third party researchers that this issue occurs because the AtomicReferenceArray class implementation does not ensure that the array is of the Object[] type, which allows attackers to cause a denial of service (JVM crash) or bypass Java sandbox restrictions. NOTE: this issue was originally mapped to CVE-2011-3571, but that identifier was already assigned to a different issue. | ||||
| CVE-2012-0518 | 1 Oracle | 1 Fusion Middleware | 2026-04-21 | 4.7 Medium |
| Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. | ||||
| CVE-2012-0767 | 7 Adobe, Apple, Google and 4 more | 7 Flash Player, Mac Os X, Android and 4 more | 2026-04-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.6 on Android 2.x and 3.x; and before 11.1.115.6 on Android 4.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)," as exploited in the wild in February 2012. | ||||
| CVE-2012-1535 | 7 Adobe, Apple, Linux and 4 more | 10 Flash Player, Mac Os X, Linux Kernel and 7 more | 2026-04-21 | 7.8 High |
| Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. | ||||
| CVE-2012-1710 | 1 Oracle | 1 Fusion Middleware | 2026-04-21 | 9.8 Critical |
| Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709. | ||||
| CVE-2007-0671 | 1 Microsoft | 14 Access, Excel, Excel Viewer and 11 more | 2026-04-21 | 8.8 High |
| Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks. | ||||
| CVE-2007-3010 | 1 Al-enterprise | 1 Omnipcx Enterprise Communication Server | 2026-04-21 | 9.8 Critical |
| masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action. | ||||
| CVE-2007-5659 | 2 Adobe, Redhat | 3 Acrobat, Acrobat Reader, Rhel Extras | 2026-04-21 | 7.8 High |
| Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655. | ||||
| CVE-2008-2992 | 3 Adobe, Oracle, Redhat | 4 Acrobat, Acrobat Reader, Solaris and 1 more | 2026-04-21 | 7.8 High |
| Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. | ||||
| CVE-2008-3431 | 1 Oracle | 1 Virtualbox | 2026-04-21 | 8.8 High |
| The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM VirtualBox before 1.6.4 uses the METHOD_NEITHER communication method for IOCTLs and does not properly validate a buffer associated with the Irp object, which allows local users to gain privileges by opening the \\.\VBoxDrv device and calling DeviceIoControl to send a crafted kernel address. | ||||
| CVE-2009-0557 | 1 Microsoft | 5 Office, Office Compatibility Pack, Office Excel Viewer and 2 more | 2026-04-21 | 7.8 High |
| Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability." | ||||