Export limit exceeded: 364535 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26323 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-5947 1 Ibm 2 Spectrum Control, Tivoli Storage Productivity Center 2025-04-12 N/A
IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.
CVE-2015-7248 1 Zte 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware 2025-04-12 N/A
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703.
CVE-2015-6485 1 Schneider-electric 8 Sage 1410, Sage 1430, Sage 1450 and 5 more 2025-04-12 N/A
Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, allow remote attackers to obtain sensitive information from device memory by reading a padding field of an Ethernet packet.
CVE-2016-1637 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in Skia, as used in Google Chrome before 49.0.2623.75, mishandles arctangent calculations, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2015-7794 1 Corega 1 Cg-wlncm4g Firmware 2025-04-12 N/A
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.
CVE-2016-1570 1 Xen 1 Xen 2025-04-12 N/A
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.
CVE-2016-1582 1 Canonical 2 Lxd, Ubuntu Linux 2025-04-12 N/A
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container directory via unspecified vectors.
CVE-2015-6546 1 F5 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more 2025-04-12 N/A
The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11.0.0 through 11.4.1 allows remote attackers to cause a denial of service via "malicious traffic."
CVE-2016-0754 2 Haxx, Microsoft 2 Curl, Windows 2025-04-12 N/A
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.
CVE-2016-0753 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Leap and 2 more 2025-04-12 5.3 Medium
Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 supports the use of instance-level writers for class accessors, which allows remote attackers to bypass intended validation steps via crafted parameters.
CVE-2015-6557 1 Ibm 3 Tivoli Storage Flashcopy Manager, Tivoli Storage Manager For Databases Data Protection For Microsoft Sql Server, Tivoli Storage Manager For Mail Data Protection For Microsoft Exchange Server 2025-04-12 N/A
IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 5.5 before 5.5.1.1, 6.1 before 6.1.3.7, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; and Tivoli Storage FlashCopy Manager 3.1 before 3.1.1.5, 3.2 before 3.2.1.7, and 4.1 before 4.1.2, when application tracing is used, place cleartext passwords in exception messages, which allows physically proximate attackers to obtain sensitive information by reading trace output, a different vulnerability than CVE-2015-4949.
CVE-2016-4516 1 Abb 1 Pcm600 2025-04-12 N/A
ABB PCM600 before 2.7 improperly stores the main application password after a password change, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2016-4518 1 Osisoft 1 Pi Af Server 2016 2025-04-12 N/A
OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated users to cause a denial of service (service outage) via a message.
CVE-2015-7699 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore."
CVE-2016-4521 1 Sixnet 4 Bt-5 Series Cellular Router, Bt-5 Series Cellular Router Firmware, Bt-6 Series Cellular Router and 1 more 2025-04-12 N/A
Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before 3.9.8 have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors.
CVE-2016-4553 4 Canonical, Oracle, Redhat and 1 more 4 Ubuntu Linux, Linux, Enterprise Linux and 1 more 2025-04-12 N/A
client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not properly ignore the Host header when absolute-URI is provided, which allows remote attackers to conduct cache-poisoning attacks via an HTTP request.
CVE-2015-7686 1 Email-address Project 1 Email-address 2025-04-12 N/A
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments.
CVE-2015-7677 1 Ipswitch 1 Moveit Dmz 2025-04-12 N/A
The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the X-siLock-FileID parameter in a download action to MOVEitISAPI/MOVEitISAPI.dll.
CVE-2016-4568 1 Linux 1 Linux Kernel 2025-04-12 7.8 High
drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.
CVE-2015-7624 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-04-12 N/A
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5583, CVE-2015-6705, and CVE-2015-6706.