Search Results (24974 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6361 1 Microsoft 2 Excel, Office Compatibility Pack 2025-04-12 N/A
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, Excel 2013 RT Gold and SP1, and Office Compatibility Pack allow remote attackers to execute arbitrary code via a crafted Office document, aka "Excel Invalid Pointer Remote Code Execution Vulnerability."
CVE-2014-6362 1 Microsoft 1 Office 2025-04-12 N/A
Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, and 2013 Gold and SP1 allows remote attackers to bypass the ASLR protection mechanism via a crafted document, aka "Microsoft Office Component Use After Free Vulnerability."
CVE-2014-4138 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-4130 and CVE-2014-4132.
CVE-2014-4141 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2014-8445 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2014-8446 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2014-8447 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-8445, CVE-2014-8446, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, and CVE-2014-9158.
CVE-2014-8448 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to obtain sensitive information via unknown vectors, a different vulnerability than CVE-2014-8451.
CVE-2014-8449 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
CVE-2014-8457 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8460 and CVE-2014-9159.
CVE-2014-8643 3 Microsoft, Mozilla, Opensuse 3 Windows, Firefox, Opensuse 2025-04-12 N/A
Mozilla Firefox before 35.0 on Windows allows remote attackers to bypass the Gecko Media Plugin (GMP) sandbox protection mechanism by leveraging access to the GMP process, as demonstrated by the OpenH264 plugin's process.
CVE-2014-9159 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-8457 and CVE-2014-8460.
CVE-2014-9160 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors.
CVE-2014-9161 3 Adobe, Apple, Microsoft 4 Acrobat, Acrobat Reader, Mac Os X and 1 more 2025-04-12 N/A
CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows, and 10.x through 10.1.13 and 11.x through 11.0.10 on OS X, allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted PDF document.
CVE-2015-0009 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability."
CVE-2014-2753 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2014-1769, CVE-2014-1782, CVE-2014-1785, CVE-2014-2755, CVE-2014-2760, CVE-2014-2761, CVE-2014-2772, and CVE-2014-2776.
CVE-2015-0010 1 Microsoft 9 Windows 7, Windows 8, Windows 8.1 and 6 more 2025-04-12 N/A
The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1, when the CRYPTPROTECTMEMORY_SAME_LOGON option is used, does not check an impersonation token's level, which allows local users to bypass intended decryption restrictions by leveraging a service that (1) has a named-pipe planting vulnerability or (2) uses world-readable shared memory for encrypted data, aka "CNG Security Feature Bypass Vulnerability" or MSRC ID 20707.
CVE-2015-0011 1 Microsoft 8 Windows 7, Windows 8, Windows 8.1 and 5 more 2025-04-12 N/A
mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass an impersonation protection mechanism, and obtain privileges for redirection of WebDAV requests, via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
CVE-2015-0012 1 Microsoft 1 Virtual Machine Manager 2025-04-12 N/A
Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrative privileges by establishing a server session with Active Directory credentials, aka "Virtual Machine Manager Elevation of Privilege Vulnerability."
CVE-2015-0055 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."