Export limit exceeded: 364152 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26297 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-9721 | 1 Zeromq | 1 Zeromq | 2025-04-12 | N/A |
| libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to conduct downgrade attacks and bypass ZMTP v3 protocol security mechanisms via a ZMTP v2 or earlier header. | ||||
| CVE-2014-5325 | 1 Directwebremoting | 1 Direct Web Remoting | 2025-04-12 | N/A |
| The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) XOMConverter functions in Direct Web Remoting (DWR) through 2.0.10 and 3.x through 3.0.RC2 allow remote attackers to read arbitrary files via DOM data containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-6624 | 1 Arubanetworks | 1 Clearpass | 2025-04-12 | N/A |
| The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to read arbitrary files via unspecified vectors. | ||||
| CVE-2012-5497 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | ||||
| CVE-2014-5320 | 1 Bump Project | 1 Bump | 2025-04-12 | N/A |
| The Bump application for Android does not properly handle implicit intents, which allows attackers to obtain sensitive owner-name information via a crafted application. | ||||
| CVE-2014-6611 | 1 Blackberry | 2 Blackberry Os, Blackberry World | 2025-04-12 | N/A |
| The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, before 5.0.0.263 on BlackBerry 10 OS 10.2.1, and before 5.1.0.53 on BlackBerry 10 OS 10.3.0 does not properly validate download/update requests, which allows user-assisted man-in-the-middle attackers to spoof servers and trigger the download of a crafted app by modifying the client-server data stream. | ||||
| CVE-2014-8834 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF document's password in a printing preference file, which allows local users to obtain sensitive information by reading a file. | ||||
| CVE-2014-3216 | 1 Gomlab | 1 Gom Media Player | 2025-04-12 | N/A |
| GOM Media Player 2.2.57.5189 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file. | ||||
| CVE-2014-5177 | 2 Opensuse, Redhat | 4 Opensuse, Enterprise Linux, Enterprise Virtualization and 1 more | 2025-04-12 | N/A |
| libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declaration in conjunction with an entity reference to the (1) virDomainDefineXML, (2) virNetworkCreateXML, (3) virNetworkDefineXML, (4) virStoragePoolCreateXML, (5) virStoragePoolDefineXML, (6) virStorageVolCreateXML, (7) virDomainCreateXML, (8) virNodeDeviceCreateXML, (9) virInterfaceDefineXML, (10) virStorageVolCreateXMLFrom, (11) virConnectDomainXMLFromNative, (12) virConnectDomainXMLToNative, (13) virSecretDefineXML, (14) virNWFilterDefineXML, (15) virDomainSnapshotCreateXML, (16) virDomainSaveImageDefineXML, (17) virDomainCreateXMLWithFiles, (18) virConnectCompareCPU, or (19) virConnectBaselineCPU API method, related to an XML External Entity (XXE) issue. NOTE: this issue was SPLIT from CVE-2014-0179 per ADT3 due to different affected versions of some vectors. | ||||
| CVE-2014-2522 | 2 Haxx, Microsoft | 3 Curl, Libcurl, Windows | 2025-04-12 | N/A |
| curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate. | ||||
| CVE-2014-8832 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive. | ||||
| CVE-2016-0862 | 1 Ge | 5 Snmp\/web Adapter 1024746, Snmp\/web Adapter 1024747, Snmp\/web Adapter 1024748 and 2 more | 2025-04-12 | N/A |
| General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors. | ||||
| CVE-2016-0864 | 1 Tollgrade | 1 Smartgrid Lighthouse Sensor Management System | 2025-04-12 | N/A |
| Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software EMS before 5.1, and 4.1.0 Build 16, allows remote attackers to obtain sensitive report and username information via unspecified vectors. | ||||
| CVE-2016-4535 | 1 Mcafee | 1 Livesafe | 2025-04-12 | N/A |
| Integer signedness error in the AV engine before DAT 8145, as used in McAfee LiveSafe 14.0, allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted packed executable. | ||||
| CVE-2016-4530 | 1 Osisoft | 1 Pi Sql Data Access Server 2016 | 2025-04-12 | 6.5 Medium |
| OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote authenticated users to cause a denial of service (service outage and data loss) via a message. | ||||
| CVE-2016-4421 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.12.x before 1.12.10 and 2.x before 2.0.2 allows remote attackers to cause a denial of service (deep recursion, stack consumption, and application crash) via a packet that specifies deeply nested data. | ||||
| CVE-2016-4420 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| The NFS dissector in Wireshark 2.x before 2.0.2 allows remote attackers to cause a denial of service (application crash) via a crafted packet. | ||||
| CVE-2016-4253 | 1 Adobe | 1 Experience Manager | 2025-04-12 | N/A |
| The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-4085 | 3 Debian, Oracle, Wireshark | 3 Debian Linux, Solaris, Wireshark | 2025-04-12 | N/A |
| Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark 1.12.x before 1.12.11 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a packet. | ||||
| CVE-2016-3950 | 1 Huawei | 2 Ar3200, Ar3200 Firmware | 2025-04-12 | N/A |
| Huawei AR3200 routers with software before V200R006C10SPC300 allow remote authenticated users to cause a denial of service (restart) via crafted packets. | ||||