Total
13110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-2462 | 5 Adobe, Apple, Microsoft and 2 more | 6 Acrobat, Acrobat Reader, Mac Os X and 3 more | 2025-10-22 | 9.8 Critical |
| Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011. | ||||
| CVE-2010-4398 | 1 Microsoft | 5 Windows 7, Windows Server 2003, Windows Server 2008 and 2 more | 2025-10-22 | 7.8 High |
| Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability." | ||||
| CVE-2010-4344 | 5 Canonical, Debian, Exim and 2 more | 6 Ubuntu Linux, Debian Linux, Exim and 3 more | 2025-10-22 | 9.8 Critical |
| Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging. | ||||
| CVE-2010-3333 | 1 Microsoft | 2 Office, Open Xml File Format Converter | 2025-10-22 | 7.8 High |
| Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability." | ||||
| CVE-2010-2883 | 4 Adobe, Apple, Microsoft and 1 more | 5 Acrobat, Acrobat Reader, Macos and 2 more | 2025-10-22 | 7.3 High |
| Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information. | ||||
| CVE-2010-1297 | 6 Adobe, Apple, Microsoft and 3 more | 8 Acrobat, Air, Flash Player and 5 more | 2025-10-22 | 7.8 High |
| Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010. | ||||
| CVE-2009-3953 | 6 Adobe, Apple, Microsoft and 3 more | 7 Acrobat, Mac Os X, Windows and 4 more | 2025-10-22 | 8.8 High |
| The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. | ||||
| CVE-2009-3129 | 1 Microsoft | 4 Excel, Excel Viewer, Office and 1 more | 2025-10-22 | 7.8 High |
| Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability." | ||||
| CVE-2009-1862 | 2 Adobe, Redhat | 4 Acrobat, Acrobat Reader, Flash Player and 1 more | 2025-10-22 | 7.8 High |
| Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009. | ||||
| CVE-2009-0563 | 1 Microsoft | 4 Office, Office Compatibility Pack, Office Word Viewer and 1 more | 2025-10-22 | 7.8 High |
| Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability." | ||||
| CVE-2008-2992 | 3 Adobe, Oracle, Redhat | 4 Acrobat, Acrobat Reader, Solaris and 1 more | 2025-10-22 | 7.8 High |
| Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104. | ||||
| CVE-2021-4034 | 7 Canonical, Oracle, Polkit Project and 4 more | 37 Ubuntu Linux, Http Server, Zfs Storage Appliance Kit and 34 more | 2025-10-22 | 7.8 High |
| A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attacker can leverage this by crafting environment variables in such a way it'll induce pkexec to execute arbitrary code. When successfully executed the attack can cause a local privilege escalation given unprivileged users administrative rights on the target machine. | ||||
| CVE-2021-31755 | 1 Tenda | 2 Ac11, Ac11 Firmware | 2025-10-22 | 9.8 Critical |
| An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request. | ||||
| CVE-2021-28664 | 1 Arm | 3 Bifrost Gpu Kernel Driver, Midgard Gpu Kernel Driver, Valhall Gpu Kernel Driver | 2025-10-22 | 8.8 High |
| The Arm Mali GPU kernel driver allows privilege escalation or a denial of service (memory corruption) because an unprivileged user can achieve read/write access to read-only pages. This affects Bifrost r0p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r8p0 through r30p0 before r31p0. | ||||
| CVE-2021-27562 | 1 Arm | 1 Trusted Firmware-m | 2025-10-22 | 5.5 Medium |
| In Arm Trusted Firmware M through 1.2, the NS world may trigger a system halt, an overwrite of secure data, or the printing out of secure data when calling secure functions under the NSPE handler mode. | ||||
| CVE-2021-20038 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2025-10-22 | 9.8 Critical |
| A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | ||||
| CVE-2020-5735 | 1 Amcrest | 36 1080-lite 8ch, 1080-lite 8ch Firmware, Amdv10814-h5 and 33 more | 2025-10-22 | 8.8 High |
| Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777. An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code. | ||||
| CVE-2019-16928 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2025-10-22 | 9.8 Critical |
| Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. | ||||
| CVE-2019-11043 | 6 Canonical, Debian, Fedoraproject and 3 more | 26 Ubuntu Linux, Debian Linux, Fedora and 23 more | 2025-10-22 | 8.7 High |
| In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution. | ||||
| CVE-2017-8540 | 1 Microsoft | 19 Endpoint Protection, Exchange Server, Forefront Endpoint Protection and 16 more | 2025-10-22 | 7.8 High |
| The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541. | ||||