Export limit exceeded: 20960 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 23069 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 26076 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26076 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-6122 | 1 Ibm | 1 Kenexa Lms On Cloud | 2025-04-20 | N/A |
| IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to security questions in a response to authenticated users. | ||||
| CVE-2016-10347 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. | ||||
| CVE-2016-5212 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-20 | N/A |
| Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insufficiently sanitized DevTools URLs, which allowed a remote attacker to read local files via a crafted HTML page. | ||||
| CVE-2017-8442 | 1 Elastic | 1 X-pack | 2025-04-20 | N/A |
| Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, can result in the Elasticsearch _nodes API leaking sensitive configuration information, such as the paths and passphrases of SSL keys that were configured as part of an authentication realm. This could allow an authenticated Elasticsearch user to improperly view these details. | ||||
| CVE-2016-3024 | 1 Ibm | 5 Security Access Manager 9.0 Firmware, Security Access Manager For Mobile 8.0 Firmware, Security Access Manager For Mobile Appliance and 2 more | 2025-04-20 | N/A |
| IBM Security Access Manager for Web allows web pages to be stored locally which can be read by another user on the system. | ||||
| CVE-2016-0726 | 1 Nagios | 1 Nagios | 2025-04-20 | N/A |
| The Fedora Nagios package uses "nagiosadmin" as the default password for the "nagiosadmin" administrator account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials. | ||||
| CVE-2017-9938 | 1 Siemens | 1 Simatic Logon | 2025-04-20 | N/A |
| A vulnerability was discovered in Siemens SIMATIC Logon (All versions before V1.6) that could allow specially crafted packets sent to the SIMATIC Logon Remote Access service on port 16389/tcp to cause a Denial-of-Service condition. The service restarts automatically. | ||||
| CVE-2017-9982 | 1 Teamspeak | 1 Teamspeak Client | 2025-04-20 | N/A |
| TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of service (application crash) via the ᗪ Unicode character followed by the ༿ Unicode character. | ||||
| CVE-2016-5045 | 1 Netapp | 1 Oncommand System Manager | 2025-04-20 | N/A |
| NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials via vectors related to cluster peering setup. | ||||
| CVE-2017-9978 | 1 Osnexus | 1 Quantastor | 2025-04-20 | N/A |
| On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw was found with the error message sent as a response for users that don't exist on the system. An attacker could leverage this information to fine-tune and enumerate valid accounts on the system by searching for common usernames. | ||||
| CVE-2016-6816 | 2 Apache, Redhat | 4 Tomcat, Enterprise Linux, Jboss Enterprise Application Platform and 1 more | 2025-04-20 | N/A |
| The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, 8.0.0.RC1 to 8.0.38, 7.0.0 to 7.0.72, and 6.0.0 to 6.0.47 that parsed the HTTP request line permitted invalid characters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack and/or obtain sensitive information from requests other then their own. | ||||
| CVE-2014-9962 | 1 Google | 1 Android | 2025-04-20 | N/A |
| In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. | ||||
| CVE-2015-1612 | 1 Opendaylight | 1 Openflow | 2025-04-20 | N/A |
| OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to the reuse of LLDP packets, aka "LLDP Relay." | ||||
| CVE-2014-9810 | 1 Imagemagick | 1 Imagemagick | 2025-04-20 | 5.5 Medium |
| The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file. | ||||
| CVE-2017-9368 | 1 Blackberry | 2 Workspaces Appliance-x, Workspaces Vapp | 2025-04-20 | N/A |
| An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files. | ||||
| CVE-2014-8570 | 1 Huawei | 52 5300hi, 5300hi Firmware, 5310ei and 49 more | 2025-04-20 | N/A |
| Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, S7703, S7706, S7712 with software V100R003, V100R006, V200R001, V200R002, V200R003, V200R005; S9300E, S9303E, S9306E, S9312E with software V200R001; S9700, S9703, S9706, S9712 with software V200R002, V200R003, V200R005; S12708, S12712 with software V200R005; 5700HI, 5300HI with software V100R006, V200R001, V200R002, V200R003, V200R005; 5710EI, 5310EI with software V200R002, V200R003, V200R005; 5710HI, 5310HI with software V200R003, V200R005; 6700EI, 6300EI with software V200R005 could cause a leak of IP addresses of devices, related to unintended interface support for VRP MPLS LSP Ping. | ||||
| CVE-2015-1800 | 1 Samsung | 2 Galaxy S4, Galaxy S4 Firmware | 2025-04-20 | N/A |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | ||||
| CVE-2014-8572 | 1 Huawei | 25 Ac6605, Ac6605 Firmware, Acu and 22 more | 2025-04-20 | N/A |
| Huawei AC6605 with software V200R001C00; AC6605 with software V200R002C00; ACU with software V200R001C00; ACU with software V200R002C00; S2300, S3300, S2700, S3700 with software V100R006C05 and earlier versions; S5300, S5700, S6300, S6700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions; S7700, S9300, S9300E, S9700 with software V100R006, V200R001, V200R002, V200R003, V200R005C00SPC300 and earlier versions could allow remote attackers to send a special SSH packet to the VRP device to cause a denial of service. | ||||
| CVE-2012-1301 | 1 Umbraco | 1 Umbraco Cms | 2025-04-20 | 9.8 Critical |
| The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to proxy requests on their behalf via the "url" parameter. | ||||
| CVE-2014-9754 | 1 Viprinet | 2 Multichannel Vpn Router 300, Multichannel Vpn Router 300 Firmware | 2025-04-20 | N/A |
| The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before initiating the exchange, which allows an attacker to perform a Man in the Middle attack. | ||||