Export limit exceeded: 25404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25404 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5440 | 1 Hp | 1 Universal Configuration Management Database | 2025-04-12 | N/A |
| HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-5166 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2025-04-12 | N/A |
| The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly restrict saving a file:// URL that is referenced by an http:// URL, which makes it easier for user-assisted remote attackers to discover NetNTLM hashes and conduct SMB relay attacks via a crafted web page that is accessed with the "Save page as" menu choice. | ||||
| CVE-2014-2106 | 1 Cisco | 2 Ios, Ios Xe | 2025-04-12 | N/A |
| Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898. | ||||
| CVE-2014-1361 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection. | ||||
| CVE-2015-5589 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted TAR archive that is mishandled in a Phar::convertToData call. | ||||
| CVE-2014-4942 | 1 Levelfourdevelopment | 1 Wp-easycart | 2025-04-12 | N/A |
| The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2016-5174 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not process fullscreen toggle requests during a fullscreen transition, which allows remote attackers to cause a denial of service (unsuppressed popup) via a crafted web site. | ||||
| CVE-2015-6241 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2025-04-12 | N/A |
| The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
| CVE-2015-6242 | 2 Oracle, Wireshark | 2 Solaris, Wireshark | 2025-04-12 | N/A |
| The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. | ||||
| CVE-2015-6243 | 3 Oracle, Redhat, Wireshark | 4 Linux, Solaris, Enterprise Linux and 1 more | 2025-04-12 | N/A |
| The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. | ||||
| CVE-2014-2065 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to inject arbitrary web script or HTML via the iconSize cookie. | ||||
| CVE-2014-2064 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| The loadUserByUsername function in hudson/security/HudsonPrivateSecurityRealm.java in Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to determine whether a user exists via vectors related to failed login attempts. | ||||
| CVE-2016-5188 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a remote attacker to spoof various parts of browser UI via crafted HTML pages. | ||||
| CVE-2016-4579 | 3 Canonical, Gnupg, Opensuse | 3 Ubuntu Linux, Libksba, Leap | 2025-04-12 | N/A |
| Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via unspecified vectors, related to the "returned length of the object from _ksba_ber_parse_tl." | ||||
| CVE-2016-5193 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, which allowed a remote attacker to bypass restrictions on navigation to certain URL schemes via crafted HTML pages. | ||||
| CVE-2015-0620 | 1 Cisco | 1 Telepresence Management Suite | 2025-04-12 | N/A |
| The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494. | ||||
| CVE-2016-4580 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | N/A |
| The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory via an X.25 Call Request. | ||||
| CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2025-04-12 | N/A |
| WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | ||||
| CVE-2016-4913 | 5 Canonical, Linux, Novell and 2 more | 8 Ubuntu Linux, Linux Kernel, Suse Linux Enterprise Debuginfo and 5 more | 2025-04-12 | 7.8 High |
| The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem. | ||||
| CVE-2016-5105 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2025-04-12 | 4.4 Medium |
| The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emulation support, uses an uninitialized variable, which allows local guest administrators to read host memory via vectors involving a MegaRAID Firmware Interface (MFI) command. | ||||