Export limit exceeded: 364021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26291 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-7045 3 Canonical, Debian, Irssi 3 Ubuntu Linux, Debian Linux, Irssi 2025-04-12 N/A
The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string.
CVE-2015-5022 1 Ibm 1 B2b Advanced Communications 2025-04-12 N/A
IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B Advanced Communications 1.0.0.2 and 1.0.0.3 before 1.0.0.3_2, when access by guests is enabled, place an internal hostname and a payload path in a response, which allows remote authenticated users to obtain sensitive information by leveraging a trading-partner relationship and reading response fields.
CVE-2015-4534 1 Emc 1 Documentum Content Server 2025-04-12 N/A
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.
CVE-2016-3894 1 Google 1 Android 2025-04-12 N/A
The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29618014 and Qualcomm internal bug CR1042033.
CVE-2016-3920 1 Google 1 Android 2025-04-12 N/A
id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (device hang or reboot) via a crafted file, aka internal bug 30744884.
CVE-2015-3192 4 Fedoraproject, Pivotal Software, Redhat and 1 more 8 Fedora, Spring Framework, Jboss Amq and 5 more 2025-04-12 N/A
Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD declarations when DTD is not entirely disabled, which allows remote attackers to cause a denial of service (memory consumption and out-of-memory errors) via a crafted XML file.
CVE-2016-3924 1 Google 1 Android 2025-04-12 N/A
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, which allows attackers to obtain sensitive information via a crafted application, aka internal bug 30204301.
CVE-2016-4474 1 Redhat 2 Openstack, Openstack-director 2025-04-12 N/A
The image build process for the overcloud images in Red Hat OpenStack Platform 8.0 (Liberty) director and Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) director (aka overcloud-full) use a default root password of ROOTPW, which allows attackers to gain access via unspecified vectors.
CVE-2016-4476 2 Canonical, W1.fi 3 Ubuntu Linux, Hostapd, Wpa Supplicant 2025-04-12 7.5 High
hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.
CVE-2016-3979 1 Sap 1 Java As 2025-04-12 N/A
Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (heap memory corruption and process crash) via a crafted HTTP request, related to the IctParseCookies function, aka SAP Security Note 2256185.
CVE-2016-3980 1 Sap 1 Application Server Java 2025-04-12 N/A
The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 allows remote attackers to cause a denial of service (process crash) via a crafted HTTP request, aka SAP Security Note 2259547.
CVE-2016-7091 1 Redhat 5 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 2 more 2025-04-12 N/A
sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files with elevated privileges provided by sudo.
CVE-2015-3981 1 Sap 1 Netweaver Rfc Sdk 2025-04-12 N/A
SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037.
CVE-2015-3949 1 Sinapsi 2 Esolar Light, Esolar Light Firmware 2025-04-12 N/A
Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page.
CVE-2015-4263 1 Cisco 1 Mobility Services Engine 2025-04-12 N/A
The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851.
CVE-2014-0086 1 Redhat 4 Jboss Enterprise Portal Platform, Jboss Enterprise Web Framework, Jboss Web Framework Kit and 1 more 2025-04-12 N/A
The doFilter function in webapp/PushHandlerFilter.java in JBoss RichFaces 4.3.4, 4.3.5, and 5.x allows remote attackers to cause a denial of service (memory consumption and out-of-memory error) via a large number of malformed atmosphere push requests.
CVE-2015-3912 1 Huawei 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui 2025-04-12 N/A
Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands.
CVE-2014-2108 1 Cisco 2 Ios, Ios Xe 2025-04-12 N/A
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed IKEv2 packet, aka Bug ID CSCui88426.
CVE-2014-2109 1 Cisco 1 Ios 2025-04-12 N/A
The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (memory consumption or device reload) via crafted TCP packets, aka Bug IDs CSCuh33843 and CSCuj41494.
CVE-2014-2111 1 Cisco 1 Ios 2025-04-12 N/A
The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through 12.4 and 15.0 through 15.4, when NAT is used, allows remote attackers to cause a denial of service (device reload) via crafted DNS packets, aka Bug ID CSCue00996.