Search Results (26284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-2157 1 Cisco 13 Tandberg 2000 Mxp, Tandberg 550 Mxp, Tandberg 770 Mxp and 10 more 2025-04-12 N/A
Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45733.
CVE-2014-2107 1 Cisco 1 Ios 2025-04-12 N/A
Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA before 2.6 on RSP720-3C-10GE and RSP720-3CXL-10GE devices, allows remote attackers to cause a denial of service (route switch processor outage) via crafted IP packets, aka Bug ID CSCug84789.
CVE-2012-5497 2 Plone, Redhat 2 Plone, Rhel Cluster 2025-04-12 N/A
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
CVE-2014-3494 2 Kde, Opensuse 2 Kdelibs, Opensuse 2025-04-12 N/A
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive information via an invalid certificate.
CVE-2014-2106 1 Cisco 2 Ios, Ios Xe 2025-04-12 N/A
Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S allow remote attackers to cause a denial of service (device reload) via crafted SIP messages, aka Bug ID CSCug45898.
CVE-2014-2855 1 Samba 1 Rsync 2025-04-12 N/A
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.
CVE-2014-3081 1 Ibm 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware 2025-04-12 N/A
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
CVE-2014-0244 2 Redhat, Samba 2 Enterprise Linux, Samba 2025-04-12 N/A
The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x before 4.0.19, and 4.1.x before 4.1.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a malformed UDP packet.
CVE-2014-3941 1 Typo3 1 Typo3 2025-04-12 N/A
TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allows remote attackers to have unspecified impact via a crafted HTTP Host header, related to "Host Spoofing."
CVE-2012-5492 1 Plone 1 Plone 2025-04-12 N/A
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
CVE-2013-2014 2 Fedoraproject, Openstack 2 Fedora, Keystone 2025-04-12 N/A
OpenStack Identity (Keystone) before 2013.1 allows remote attackers to cause a denial of service (memory consumption and crash) via multiple long requests.
CVE-2014-3528 5 Apache, Apple, Canonical and 2 more 10 Subversion, Xcode, Ubuntu Linux and 7 more 2025-04-12 N/A
Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before 1.8.10 uses an MD5 hash of the URL and authentication realm to store cached credentials, which makes it easier for remote servers to obtain the credentials via a crafted authentication realm.
CVE-2016-1707 1 Google 1 Chrome 2025-04-12 N/A
ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.
CVE-2012-5491 1 Plone 1 Plone 2025-04-12 N/A
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.
CVE-2014-0857 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
The Administrative Console in IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote authenticated users to obtain sensitive information via a crafted request.
CVE-2015-2748 1 Websense 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more 2025-04-12 N/A
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.
CVE-2014-0919 1 Ibm 1 Db2 2025-04-12 N/A
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users to obtain sensitive information via commands associated with these facilities.
CVE-2014-3087 1 Ibm 2 Business Process Manager, Websphere Application Server 2025-04-12 N/A
callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 and WebSphere Lombardi Edition 7.2 through 7.2.0.5 allows remote authenticated users to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
CVE-2015-4148 3 Apple, Php, Redhat 10 Mac Os X, Php, Enterprise Linux and 7 more 2025-04-12 N/A
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue.
CVE-2014-0871 1 Ibm 2 Algo Credit Limits, Algorithmics 2025-04-12 N/A
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.