Export limit exceeded: 26300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2025 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-12 | N/A |
| IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2015-0602 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2025-04-12 | N/A |
| The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | ||||
| CVE-2015-1094 | 1 Apple | 2 Iphone Os, Tvos | 2025-04-12 | N/A |
| IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | ||||
| CVE-2015-2018 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | N/A |
| IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2016-9134 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure. | ||||
| CVE-2016-9135 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure. | ||||
| CVE-2016-9157 | 1 Siemens | 1 Sicam Pas\/pqs | 2025-04-12 | 9.8 Critical |
| A vulnerability in Siemens SICAM PAS (all versions before V8.09) could allow a remote attacker to cause a Denial of Service condition and potentially lead to unauthenticated remote code execution by sending specially crafted packets to port 19234/TCP. | ||||
| CVE-2015-6428 | 1 Cisco | 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter | 2025-04-12 | N/A |
| Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | ||||
| CVE-2013-0174 | 1 Theforeman | 1 Foreman | 2025-04-12 | N/A |
| The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request. | ||||
| CVE-2015-6426 | 1 Cisco | 1 Prime Network Services Controller | 2025-04-12 | N/A |
| Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427. | ||||
| CVE-2016-9178 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel before 4.7.5 does not initialize a certain integer variable, which allows local users to obtain sensitive information from kernel stack memory by triggering failure of a get_user_ex call. | ||||
| CVE-2016-9184 | 1 Exponentcms | 1 Exponent Cms | 2025-04-12 | N/A |
| In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table names are wrapped with a character that common filters do not filter, allowing for SQL Injection. Impact is Information Disclosure. | ||||
| CVE-2016-9207 | 1 Cisco | 1 Expressway | 2025-04-12 | N/A |
| A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthenticated, remote attacker to initiate TCP connections to arbitrary hosts. This does not allow for full traffic proxy through the Expressway. Affected Products: This vulnerability affects Cisco Expressway Series Software and Cisco TelePresence Video Communication Server (VCS). More Information: CSCvc10834. Known Affected Releases: X8.7.2 X8.8.3. Known Fixed Releases: X8.9. | ||||
| CVE-2016-9211 | 1 Cisco | 2 Ons 15454 Sdh Multiservice Platform, Ons 15454 Sdh Multiservice Platform Software | 2025-04-12 | N/A |
| A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms could allow an unauthenticated, remote attacker to cause the controller card to unexpectedly reload. More Information: CSCuw26032. Known Affected Releases: 10.51. | ||||
| CVE-2016-9212 | 1 Cisco | 1 Web Security Appliance | 2025-04-12 | N/A |
| A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS Software for Cisco Web Security Appliances could allow an unauthenticated, remote attacker to connect to a secure website over Secure Sockets Layer (SSL) or Transport Layer Security (TLS), even if the WSA is configured to block connections to the website. Affected Products: This vulnerability affects Cisco Web Security Appliances if the HTTPS decryption options are enabled and configured for the device to block connections to certain websites. More Information: CSCvb49012. Known Affected Releases: 9.0.1-162 9.1.1-074. | ||||
| CVE-2016-9224 | 1 Cisco | 1 Jabber Guest | 2025-04-12 | N/A |
| A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to initiate connections to arbitrary hosts. More Information: CSCvc31635. Known Affected Releases: 10.6(9). Known Fixed Releases: 11.0(0). | ||||
| CVE-2015-2684 | 2 Debian, Shibboleth | 2 Debian Linux, Service Provider | 2025-04-12 | N/A |
| Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | ||||
| CVE-2015-2977 | 1 Webservice-dic | 1 Yoyaku | 2025-04-12 | N/A |
| Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | ||||
| CVE-2015-1096 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2025-04-12 | N/A |
| IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | ||||
| CVE-2016-9839 | 1 Osgeo | 1 Mapserver | 2025-04-12 | 7.5 High |
| In MapServer before 7.0.3, OGR driver error messages are too verbose and may leak sensitive information if data connection fails. | ||||