Search Results (5636 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0648 7 Adobe, Apple, Linux and 4 more 12 Flash Player, Mac Os X, Linux Kernel and 9 more 2026-04-21 8.8 High
Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, allows remote attackers to execute arbitrary code via crafted SWF content, as exploited in the wild in February 2013.
CVE-2013-0629 4 Adobe, Apple, Microsoft and 1 more 4 Coldfusion, Mac Os X, Windows and 1 more 2026-04-21 7.5 High
Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified vectors, as exploited in the wild in January 2013.
CVE-2013-0625 4 Adobe, Apple, Microsoft and 1 more 4 Coldfusion, Mac Os X, Windows and 1 more 2026-04-21 9.8 Critical
Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute arbitrary code via unspecified vectors, as exploited in the wild in January 2013.
CVE-2011-0609 9 Adobe, Apple, Google and 6 more 15 Acrobat, Acrobat Reader, Air and 12 more 2026-04-21 7.8 High
Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and earlier on Windows, Mac OS X, Linux, and Solaris; 10.1.106.16 and earlier on Android; Adobe AIR 2.5.1 and earlier; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader and Acrobat 9.x through 9.4.2 and 10.x through 10.0.1 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content, as demonstrated by a .swf file embedded in an Excel spreadsheet, and as exploited in the wild in March 2011.
CVE-2011-0611 9 Adobe, Apple, Google and 6 more 16 Acrobat, Acrobat Reader, Adobe Air and 13 more 2026-04-21 8.8 High
Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and Solaris and 10.2.156.12 and earlier on Android; Adobe AIR before 2.6.19140; and Authplay.dll (aka AuthPlayLib.bundle) in Adobe Reader 9.x before 9.4.4 and 10.x through 10.0.1 on Windows, Adobe Reader 9.x before 9.4.4 and 10.x before 10.0.3 on Mac OS X, and Adobe Acrobat 9.x before 9.4.4 and 10.x before 10.0.3 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content; as demonstrated by a Microsoft Office document with an embedded .swf file that has a size inconsistency in a "group of included constants," object type confusion, ActionScript that adds custom functions to prototypes, and Date objects; and as exploited in the wild in April 2011.
CVE-2012-1823 8 Apple, Debian, Fedoraproject and 5 more 20 Mac Os X, Debian Linux, Fedora and 17 more 2026-04-21 9.8 Critical
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
CVE-2014-4404 1 Apple 3 Iphone Os, Mac Os X, Tvos 2026-04-21 7.8 High
Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties.
CVE-2015-1130 1 Apple 1 Mac Os X 2026-04-21 7.8 High
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors.
CVE-2021-22925 8 Apple, Fedoraproject, Haxx and 5 more 28 Mac Os X, Macos, Fedora and 25 more 2026-04-16 5.3 Medium
curl supports the `-t` command line option, known as `CURLOPT_TELNETOPTIONS`in libcurl. This rarely used option is used to send variable=content pairs toTELNET servers.Due to flaw in the option parser for sending `NEW_ENV` variables, libcurlcould be made to pass on uninitialized data from a stack based buffer to theserver. Therefore potentially revealing sensitive internal information to theserver using a clear-text network protocol.This could happen because curl did not call and use sscanf() correctly whenparsing the string provided by the application.
CVE-2020-8285 10 Apple, Debian, Fedoraproject and 7 more 32 Mac Os X, Macos, Debian Linux and 29 more 2026-04-16 7.5 High
curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.
CVE-2020-8284 10 Apple, Debian, Fedoraproject and 7 more 31 Mac Os X, Macos, Debian Linux and 28 more 2026-04-16 3.7 Low
A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.
CVE-2002-1371 3 Apple, Easy Software Products, Redhat 3 Mac Os X, Cups, Linux 2026-04-16 N/A
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
CVE-2005-0125 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
CVE-2004-0925 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate.
CVE-2002-0676 1 Apple 1 Mac Os X 2026-04-16 N/A
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
CVE-2004-1088 1 Apple 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more 2026-04-16 N/A
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
CVE-2006-2277 1 Apple 1 Mac Os X 2026-04-16 N/A
Multiple Apple Mac OS X 10.4 applications might allow context-dependent attackers to cause a denial of service (application crash) via a crafted OpenEXR (.exr) image file, which triggers the crash when opening a folder using Finder, displaying the image in Safari, or using Preview to open the file.
CVE-2006-1983 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for TIFF or (2) CFAllocatorAllocate function for GIF, as used in applications that use ImageIO or AppKit. NOTE: the BMP vector has been re-assigned to CVE-2006-2238 because it affects a separate product family.
CVE-2006-1985 1 Apple 3 Mac Os X, Mac Os X Server, Safari 2026-04-16 N/A
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
CVE-2005-2751 1 Apple 2 Mac Os X, Mac Os X Server 2026-04-16 N/A
memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.