Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (5494 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1254 3 Debian, Google, Redhat 3 Debian Linux, Chrome, Rhel Extras 2025-04-12 N/A
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.
CVE-2015-4483 3 Mozilla, Opensuse, Oracle 3 Firefox, Opensuse, Solaris 2025-04-12 N/A
Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.
CVE-2016-1773 1 Apple 1 Mac Os X 2025-04-12 N/A
The code-signing subsystem in Apple OS X before 10.11.4 does not properly verify file ownership, which allows local users to determine the existence of arbitrary files via unspecified vectors.
CVE-2015-1312 1 Sap 1 Enterprise Resource Planning 2025-04-12 N/A
The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2016-1887 1 Freebsd 1 Freebsd 2025-04-12 N/A
Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory overwrite and kernel panic) or gain privileges via a negative buflen argument, which triggers a heap-based buffer overflow.
CVE-2016-1896 1 Lexmark 28 C4150, C6160, Cs720de and 25 more 2025-04-12 N/A
Race condition in the initialization process on Lexmark printers with firmware ATL before ATL.02.049, CB before CB.02.049, PP before PP.02.049, and YK before YK.02.049 allows remote attackers to bypass authentication by leveraging incorrect detection of the security-jumper status.
CVE-2016-1990 1 Microfocus 1 Arcsight Enterprise Security Manager 2025-04-12 N/A
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows local users to gain privileges for command execution via unspecified vectors.
CVE-2015-1448 1 Siemens 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more 2025-04-12 N/A
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
CVE-2016-6644 1 Emc 1 Documentum D2 2025-04-12 N/A
EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows remote attackers to read arbitrary Docbase documents by leveraging knowledge of an r_object_id value.
CVE-2016-9796 1 Alcatel-lucent 1 Omnivista 8770 Network Management System 2025-04-12 N/A
Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs interfaces, which can be queried using the GIOP protocol on TCP port 30024. An attacker can bypass authentication, and OmniVista invokes methods (AddJobSet, AddJob, and ExecuteNow) that can be used to run arbitrary commands on the server, with the privilege of NT AUTHORITY\SYSTEM on the server. NOTE: The discoverer states "The vendor position is to refer to the technical guidelines of the product security deployment to mitigate this issue, which means applying proper firewall rules to prevent unauthorised clients to connect to the OmniVista server."
CVE-2015-1496 1 Motorola 1 Motorola Scanner Sdk 2025-04-12 N/A
Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe, and (3) ScannerService.exe, which allows local users to gain privileges via unspecified vectors.
CVE-2015-1499 1 Samsung 1 Samsung Security Manager 2025-04-12 N/A
The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request.
CVE-2015-1515 1 Softsphere 1 Defensewall Personal Firewall 2025-04-12 N/A
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
CVE-2016-2060 1 Google 1 Android 2025-04-12 N/A
server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.
CVE-2015-2821 1 Typo3 1 Neos 2025-04-12 N/A
TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors.
CVE-2015-2830 4 Canonical, Debian, Linux and 1 more 6 Ubuntu Linux, Debian Linux, Linux Kernel and 3 more 2025-04-12 N/A
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16.
CVE-2015-5281 1 Redhat 1 Enterprise Linux 2025-04-12 N/A
The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a crafted (1) multiboot or (2) multiboot2 module in the configuration file or physically proximate attackers to bypass intended Secure Boot restrictions and execute non-verified code via the (3) boot menu.
CVE-2015-5286 2 Openstack, Redhat 2 Image Registry And Delivery Service \(glance\), Openstack 2025-04-12 N/A
OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting images that are being uploaded using a token that expires during the process. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9623.
CVE-2015-2984 1 Iodata 2 Wn-g54\/r2, Wn-g54\/r2 Firmware 2025-04-12 N/A
I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests.
CVE-2015-3003 1 Juniper 1 Junos 2025-04-12 N/A
Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R6, 13.3 before 13.3R5, 14.1 before 14.1R3, and 14.2 before 14.2R1 allows local users to gain privileges via crafted combinations of CLI commands and arguments.