Export limit exceeded: 26335 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26335 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1361 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, and Apple TV before 6.1.2 does not ensure that a DTLS message is accepted only for a DTLS connection, which allows remote attackers to obtain potentially sensitive information from uninitialized process memory by providing a DTLS message within a TLS connection.
CVE-2014-3410 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The syslog-management subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to obtain an administrator password by waiting for an administrator to copy a file, and then (1) sniffing the network for a syslog message or (2) reading a syslog message in a file on a syslog server, aka Bug IDs CSCuq22357 and CSCur41860.
CVE-2014-9750 4 Debian, Ntp, Oracle and 1 more 7 Debian Linux, Ntp, Linux and 4 more 2025-04-12 N/A
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
CVE-2015-5386 1 Siemens 2 Sicam Mic, Sicam Mic Firmware 2025-04-12 N/A
Siemens SICAM MIC devices with firmware before 2404 allow remote attackers to bypass authentication and obtain administrative access via unspecified HTTP requests.
CVE-2015-2045 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2025-04-12 N/A
The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors.
CVE-2014-9584 7 Canonical, Debian, Linux and 4 more 22 Ubuntu Linux, Debian Linux, Linux Kernel and 19 more 2025-04-12 N/A
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.
CVE-2015-5299 4 Canonical, Debian, Redhat and 1 more 5 Ubuntu Linux, Debian Linux, Enterprise Linux and 2 more 2025-04-12 5.3 Medium
The shadow_copy2_get_shadow_copy_data function in modules/vfs_shadow_copy2.c in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 does not verify that the DIRECTORY_LIST access right has been granted, which allows remote attackers to access snapshots by visiting a shadow copy directory.
CVE-2013-6887 1 Uclouvain 1 Openjpeg 2025-04-12 N/A
OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.
CVE-2015-7047 1 Apple 4 Iphone Os, Mac Os X, Tvos and 1 more 2025-04-12 N/A
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed.
CVE-2016-2848 2 Isc, Redhat 6 Bind, Enterprise Linux, Rhel Aus and 3 more 2025-04-12 N/A
ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via malformed options data in an OPT resource record.
CVE-2016-2844 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google Chrome before 49.0.2623.75, does not properly determine when anonymous block wrappers may exist, which allows remote attackers to cause a denial of service (incorrect cast and assertion failure) or possibly have unspecified other impact via crafted JavaScript code.
CVE-2014-3859 1 Isc 1 Bind 2025-04-12 N/A
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
CVE-2015-6161 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
CVE-2014-1571 2 Fedoraproject, Mozilla 2 Fedora, Bugzilla 2025-04-12 N/A
Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before 4.2.11, 4.3.x and 4.4.x before 4.4.6, and 4.5.x before 4.5.6 allows remote authenticated users to obtain sensitive private-comment information by leveraging a role as a flag recipient, related to Bug.pm, Flag.pm, and a mail template.
CVE-2014-7185 3 Apple, Python, Redhat 4 Mac Os X, Python, Enterprise Linux and 1 more 2025-04-12 N/A
Integer overflow in bufferobject.c in Python before 2.7.8 allows context-dependent attackers to obtain sensitive information from process memory via a large size and offset in a "buffer" function.
CVE-2016-9185 2 Openstack, Redhat 2 Heat, Openstack 2025-04-12 N/A
In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0 <=6.1.0, and ==7.0.0.
CVE-2016-9375 2 Debian, Wireshark 2 Debian Linux, Wireshark 2025-04-12 N/A
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
CVE-2015-6046 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2013-7110 1 Transifex 1 Transifex 2025-04-12 N/A
Transifex command-line client before 0.10 does not validate X.509 certificates for data transfer connections, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-2073.
CVE-2014-3517 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attackers to guess instance ID signatures via a brute-force attack that relies on timing differences in responses to instance metadata requests.