Export limit exceeded: 364251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26302 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-4279 1 Imapsync Project 1 Imapsync 2025-04-12 N/A
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.
CVE-2014-0823 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x before 8.5.5.2 allows remote attackers to read arbitrary files via a crafted URL.
CVE-2014-2513 1 Emc 1 Documentum Content Server 2025-04-12 N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, 7.0 before P15, and 7.1 before P06 does not properly check authorization after creation of an object, which allows remote authenticated users to execute arbitrary code with super-user privileges via a custom script.
CVE-2016-4578 5 Canonical, Debian, Linux and 2 more 13 Ubuntu Linux, Debian Linux, Linux Kernel and 10 more 2025-04-12 N/A
sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kernel stack memory via crafted use of the ALSA timer interface, related to the (1) snd_timer_user_ccallback and (2) snd_timer_user_tinterrupt functions.
CVE-2014-1360 1 Apple 1 Iphone Os 2025-04-12 N/A
Lockdown in Apple iOS before 7.1.2 does not properly verify data from activation servers, which makes it easier for physically proximate attackers to bypass the Activation Lock protection mechanism via unspecified vectors.
CVE-2014-2642 1 Hp 1 System Management Homepage 2025-04-12 N/A
HP System Management Homepage (SMH) before 7.4 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2016-6153 3 Fedoraproject, Opensuse, Sqlite 3 Fedora, Leap, Sqlite 2025-04-12 N/A
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
CVE-2012-1111 1 Robert Ancell 1 Lightdm 2025-04-12 N/A
lightdm before 1.0.9 does not properly close file descriptors before opening a child process, which allows local users to write to the lightdm log or have other unspecified impact.
CVE-2014-2733 1 Siemens 1 Sinema Server 2025-04-12 N/A
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
CVE-2014-0748 1 Cray 1 Cray Linux Environment 2025-04-12 N/A
apinit on Cray devices with CLE before 4.2.UP02 and 5.x before 5.1.UP00 does not use alpsauth data to validate the UID in a launch message, which allows local users to gain privileges via a modified aprun program, aka ID FN5912.
CVE-2013-6418 1 Pywbem Project 1 Pywbem 2025-04-12 N/A
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
CVE-2014-2739 1 Linux 1 Linux Kernel 2025-04-12 N/A
The cma_req_handler function in drivers/infiniband/core/cma.c in the Linux kernel 3.14.x through 3.14.1 attempts to resolve an RDMA over Converged Ethernet (aka RoCE) address that is properly resolved within a different module, which allows remote attackers to cause a denial of service (incorrect pointer dereference and system crash) via crafted network traffic.
CVE-2016-4020 4 Canonical, Debian, Qemu and 1 more 12 Ubuntu Linux, Debian Linux, Qemu and 9 more 2025-04-12 6.5 Medium
The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not initialize the imm32 variable, which allows local guest OS administrators to obtain sensitive information from host stack memory by accessing the Task Priority Register (TPR).
CVE-2014-0954 1 Ibm 1 Websphere Portal 2025-04-12 N/A
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
CVE-2014-0747 1 Cisco 1 Unified Communications Manager 2025-04-12 N/A
The Certificate Authority Proxy Function (CAPF) CLI implementation in Cisco Unified Communications Manager (Unified CM) 10.0(1) and earlier allows local users to inject commands via unspecified CAPF programs, aka Bug ID CSCum95493.
CVE-2014-2585 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.
CVE-2014-0684 1 Cisco 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more 2025-04-12 N/A
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
CVE-2016-0785 1 Apache 1 Struts 2025-04-12 N/A
Apache Struts 2.x before 2.3.28 allows remote attackers to execute arbitrary code via a "%{}" sequence in a tag attribute, aka forced double OGNL evaluation.
CVE-2014-6159 1 Ibm 1 Db2 2025-04-12 N/A
IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 through FP4 on Linux, UNIX, and Windows, when immediate AUTO_REVAL is enabled, allows remote authenticated users to cause a denial of service (daemon crash) via a crafted ALTER TABLE statement.
CVE-2015-5208 1 Apache 1 Cordova 2025-04-12 N/A
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.