Search Results (26300 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-0075 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2025-04-12 N/A
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
CVE-2015-7789 1 Asus 2 Wl-330nul, Wl-33nul Firmware 2025-04-12 N/A
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-7949 2 Fedoraproject, X.org 2 Fedora, Libxrender 2025-04-12 N/A
Multiple buffer overflows in the (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXrender before 0.9.10 allow remote X servers to trigger out-of-bounds write operations via vectors involving length fields.
CVE-2016-0050 1 Microsoft 2 Windows Server 2008, Windows Server 2012 2025-04-12 N/A
Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS authentication outage) via crafted requests, aka "Network Policy Server RADIUS Implementation Denial of Service Vulnerability."
CVE-2016-0363 3 Ibm, Novell, Redhat 15 Java Sdk, Suse Linux Enterprise Module For Legacy Software, Suse Linux Enterprise Server and 12 more 2025-04-12 N/A
The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java Technology Edition 6 before SR16 FP25 (6.0.16.25), 6 R1 before SR8 FP25 (6.1.8.25), 7 before SR9 FP40 (7.0.9.40), 7 R1 before SR3 FP40 (7.1.3.40), and 8 before SR3 (8.0.3.0) uses the invoke method of the java.lang.reflect.Method class in an AccessController doPrivileged block, which allows remote attackers to call setSecurityManager and bypass a sandbox protection mechanism via vectors related to a Proxy object instance implementing the java.lang.reflect.InvocationHandler interface. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3009.
CVE-2015-8562 1 Joomla 1 Joomla\! 2025-04-12 N/A
Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015.
CVE-2015-8481 1 Atlassian 3 Jira Core, Jira Server, Jira Service Desk 2025-04-12 N/A
Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup referencing an image attachment, which might allow remote attackers to obtain sensitive information by updating a different issue that includes wiki markup for an external image reference.
CVE-2016-9193 1 Cisco 2 Firesight System Software, Secure Firewall Management Center 2025-04-12 N/A
A vulnerability in the malicious file detection and blocking features of Cisco Firepower Management Center and Cisco FireSIGHT System Software could allow an unauthenticated, remote attacker to bypass malware detection mechanisms on an affected system. Affected Products: Cisco Firepower Management Center and FireSIGHT System Software are affected when they are configured to use a file policy that has the Block Malware action. More Information: CSCvb27494. Known Affected Releases: 6.0.1.1 6.1.0.
CVE-2016-9191 1 Linux 1 Linux Kernel 2025-04-12 N/A
The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service (system hang) by leveraging access to a container environment for executing a crafted application, as demonstrated by trinity.
CVE-2015-8466 2 Fedoraproject, Openstack 2 Fedora, Swift3 2025-04-12 N/A
Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header.
CVE-2016-9190 2 Debian, Python 2 Debian Linux, Pillow 2025-04-12 N/A
Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in Storage.c component.
CVE-2016-9183 1 Exponentcms 1 Exponent Cms 2025-04-12 N/A
In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses the injectProof method to prevent SQL injection, but this filter can be bypassed easily: it only sanitizes user input if there are odd numbers of ' or " characters. Impact is Information Disclosure.
CVE-2015-2187 2 Opensuse, Wireshark 2 Opensuse, Wireshark 2025-04-12 N/A
The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet.
CVE-2015-4519 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow user-assisted remote attackers to bypass intended access restrictions and discover a redirect's target URL via crafted JavaScript code that executes after a drag-and-drop action of an image into a TEXTBOX element.
CVE-2015-0899 1 Apache 1 Struts 2025-04-12 N/A
The MultiPageValidator implementation in Apache Struts 1 1.1 through 1.3.10 allows remote attackers to bypass intended access restrictions via a modified page parameter.
CVE-2015-3183 2 Apache, Redhat 5 Http Server, Enterprise Linux, Jboss Enterprise Application Platform and 2 more 2025-04-12 N/A
The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.
CVE-2015-8360 1 Atlassian 1 Bamboo 2025-04-12 N/A
An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port.
CVE-2016-3110 2 Fedoraproject, Redhat 4 Fedora, Enterprise Linux, Jboss Enterprise Application Platform and 1 more 2025-04-12 N/A
mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote attackers to cause a denial of service (Apache http server crash) via an MCMP message containing a series of = (equals) characters after a legitimate element.
CVE-2015-8268 1 Idera 1 Uptime Infrastructure Monitor 2025-04-12 N/A
The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-8265 1 Huawei 4 E5151, E5151 Firmware, E5186 and 1 more 2025-04-12 N/A
Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source port, which makes it easier for remote attackers to spoof responses via unspecified vectors.