Export limit exceeded: 25305 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25305 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1000008 | 1 Mp3-jplayer Project | 1 Mp3-jplayer | 2025-04-12 | N/A |
| Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | ||||
| CVE-2015-1000012 | 1 Mypixs Project | 1 Mypixs | 2025-04-12 | N/A |
| Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | ||||
| CVE-2014-7821 | 3 Fedoraproject, Openstack, Redhat | 3 Fedora, Neutron, Openstack | 2025-04-12 | N/A |
| OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration. | ||||
| CVE-2014-7818 | 2 Opensuse, Rubyonrails | 3 Opensuse, Rails, Ruby On Rails | 2025-04-12 | N/A |
| Directory traversal vulnerability in actionpack/lib/action_dispatch/middleware/static.rb in Action Pack in Ruby on Rails 3.x before 3.2.20, 4.0.x before 4.0.11, 4.1.x before 4.1.7, and 4.2.x before 4.2.0.beta3, when serve_static_assets is enabled, allows remote attackers to determine the existence of files outside the application root via a /..%2F sequence. | ||||
| CVE-2015-1810 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name. | ||||
| CVE-2015-1808 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data. | ||||
| CVE-2015-0683 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | ||||
| CVE-2014-7817 | 5 Canonical, Debian, Gnu and 2 more | 5 Ubuntu Linux, Debian Linux, Glibc and 2 more | 2025-04-12 | N/A |
| The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containing "$((`...`))". | ||||
| CVE-2014-7816 | 2 Microsoft, Redhat | 2 Windows, Undertow | 2025-04-12 | N/A |
| Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | ||||
| CVE-2014-7815 | 5 Canonical, Debian, Qemu and 2 more | 12 Ubuntu Linux, Debian Linux, Qemu and 9 more | 2025-04-12 | N/A |
| The set_pixel_format function in ui/vnc.c in QEMU allows remote attackers to cause a denial of service (crash) via a small bytes_per_pixel value. | ||||
| CVE-2014-9721 | 1 Zeromq | 1 Zeromq | 2025-04-12 | N/A |
| libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | ||||
| CVE-2014-7883 | 1 Hp | 1 Universal Configuration Management Database | 2025-04-12 | N/A |
| HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response. | ||||
| CVE-2015-0764 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | ||||
| CVE-2015-0763 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | ||||
| CVE-2015-1883 | 1 Ibm | 1 Db2 | 2025-04-12 | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | ||||
| CVE-2015-2449 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | ||||
| CVE-2015-2464 | 1 Microsoft | 15 .net Framework, Live Meeting, Lync and 12 more | 2025-04-12 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463. | ||||
| CVE-2015-2483 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability." | ||||
| CVE-2015-2530 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | N/A |
| Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted .jnt file, aka "Windows Journal RCE Vulnerability," a different vulnerability than CVE-2015-2513 and CVE-2015-2514. | ||||
| CVE-2015-2556 | 1 Microsoft | 1 Sharepoint Server | 2025-04-12 | N/A |
| The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability." | ||||