Export limit exceeded: 12813 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12813 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7967 1 Kde 1 Kmail 2025-04-12 N/A
KMail since version 5.3.0 used a QWebEngine based viewer that had JavaScript enabled. Since the generated html is executed in the local file security context by default access to remote and local URLs was enabled.
CVE-2014-9901 1 Google 1 Android 2025-04-12 N/A
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.
CVE-2016-5581 1 Oracle 1 Irecruitment 2025-04-12 N/A
Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2016-8285 1 Oracle 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway.
CVE-2016-8288 2 Oracle, Redhat 2 Mysql, Rhel Software Collections 2025-04-12 N/A
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
CVE-2016-8291 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Mobile Application Platform.
CVE-2016-8292 1 Oracle 1 Peoplesoft Enterprise Human Capital Management Talent Acquisition Manager 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager.
CVE-2016-8293 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530.
CVE-2016-8296 1 Oracle 1 Peoplesoft Enterprise Peopletools 2025-04-12 N/A
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP.
CVE-2016-10030 1 Schedmd 1 Slurm 2025-04-12 N/A
The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, 16.x before 16.05.7, and 17.x before 17.02.0-pre4 has a vulnerability in how the slurmd daemon informs users of a Prolog failure on a compute node. That vulnerability could allow a user to assume control of an arbitrary file on the system. Any exploitation of this is dependent on the user being able to cause or anticipate the failure (non-zero return code) of a Prolog script that their job would run on. This issue affects all Slurm versions from 0.6.0 (September 2005) to present. Workarounds to prevent exploitation of this are to either disable your Prolog script, or modify it such that it always returns 0 ("success") and adjust it to set the node as down using scontrol instead of relying on the slurmd to handle that automatically. If you do not have a Prolog set you are unaffected by this issue.
CVE-2016-10082 1 S9y 1 Serendipity 2025-04-12 N/A
include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.
CVE-2015-0119 1 Ibm 1 Tivoli Storage Manager Fastback 2025-04-12 N/A
FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port.
CVE-2016-10084 1 Piwigo 1 Piwigo 2025-04-12 N/A
admin/batch_manager.php in Piwigo through 2.8.3 allows remote authenticated administrators to conduct File Inclusion attacks via the $page['tab'] variable (aka the mode parameter).
CVE-2014-3277 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
The Administration GUI in the web framework in VOSS in Cisco Unified Communications Domain Manager (CDM) 9.0(.1) and earlier does not properly implement access control, which allows remote authenticated users to obtain sensitive user and group information by leveraging Location Administrator privileges and entering a crafted URL, aka Bug ID CSCum77005.
CVE-2012-5158 2 Puppet, Puppetlabs 2 Puppet Enterprise, Puppet 2025-04-12 N/A
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
CVE-2014-6626 1 Arubanetworks 1 Clearpass 2025-04-12 N/A
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
CVE-2014-6627 1 Arubanetworks 1 Clearpass 2025-04-12 N/A
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
CVE-2016-8565 1 Siemens 1 Automation License Manager 2025-04-12 N/A
Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote attackers to write to files, rename files, create directories, or delete directories via crafted packets.
CVE-2016-8580 1 Alienvault 2 Open Source Security Information And Event Management, Unified Security Management 2025-04-12 N/A
PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes.
CVE-2016-5580 1 Oracle 1 Secure Global Desktop 2025-04-12 N/A
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.