Export limit exceeded: 23173 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23173 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2808 | 9 Canonical, Debian, Fujitsu and 6 more | 102 Ubuntu Linux, Debian Linux, Sparc Enterprise M3000 and 99 more | 2025-04-12 | N/A |
| The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue. | ||||
| CVE-2015-3195 | 9 Apple, Canonical, Debian and 6 more | 28 Mac Os X, Ubuntu Linux, Debian Linux and 25 more | 2025-04-12 | 5.3 Medium |
| The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application. | ||||
| CVE-2016-2183 | 6 Cisco, Nodejs, Openssl and 3 more | 14 Content Security Management Appliance, Node.js, Openssl and 11 more | 2025-04-12 | 7.5 High |
| The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. | ||||
| CVE-2016-4182 | 6 Adobe, Apple, Google and 3 more | 9 Flash Player, Flash Player Desktop Runtime, Mac Os X and 6 more | 2025-04-12 | 8.8 High |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. | ||||
| CVE-2016-8864 | 4 Debian, Isc, Netapp and 1 more | 16 Debian Linux, Bind, Data Ontap Edge and 13 more | 2025-04-12 | 7.5 High |
| named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record in the answer section of a response to a recursive query, related to db.c and resolver.c. | ||||
| CVE-2012-2682 | 1 Redhat | 1 Enterprise Mrg | 2025-04-12 | N/A |
| Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, allows attackers with certain database privileges to cause a denial of service (inaccessible page) via a non-ASCII character in the name of a link. | ||||
| CVE-2014-5077 | 4 Canonical, Linux, Redhat and 1 more | 12 Ubuntu Linux, Linux Kernel, Enterprise Linux and 9 more | 2025-04-12 | N/A |
| The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. | ||||
| CVE-2016-3723 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints. | ||||
| CVE-2012-5488 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. | ||||
| CVE-2014-3530 | 1 Redhat | 10 Jboss Bpms, Jboss Brms, Jboss Data Grid and 7 more | 2025-04-12 | N/A |
| The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-2483 | 3 Debian, Oracle, Redhat | 6 Debian Linux, Jdk, Jre and 3 more | 2025-04-12 | N/A |
| Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations." | ||||
| CVE-2014-1904 | 2 Pivotal Software, Redhat | 3 Spring Framework, Jboss Amq, Jboss Fuse | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in web/servlet/tags/form/FormTag.java in Spring MVC in Spring Framework 3.0.0 before 3.2.8 and 4.0.0 before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the requested URI in a default action. | ||||
| CVE-2012-5498 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection. | ||||
| CVE-2012-5497 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL. | ||||
| CVE-2012-5499 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns. | ||||
| CVE-2012-5500 | 2 Plone, Redhat | 2 Plone, Rhel Cluster | 2025-04-12 | N/A |
| The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request. | ||||
| CVE-2014-8121 | 4 Canonical, Gnu, Redhat and 1 more | 5 Ubuntu Linux, Glibc, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) 2.21 and earlier does not properly check if a file is open, which allows remote attackers to cause a denial of service (infinite loop) by performing a look-up on a database while iterating over it, which triggers the file pointer to be reset. | ||||
| CVE-2016-3737 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | N/A |
| The server in Red Hat JBoss Operations Network (JON) before 3.3.6 allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. | ||||
| CVE-2014-0473 | 3 Canonical, Djangoproject, Redhat | 3 Ubuntu Linux, Django, Openstack | 2025-04-12 | N/A |
| The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, 1.6.x before 1.6.3, and 1.7.x before 1.7 beta 2 reuses a cached CSRF token for all anonymous users, which allows remote attackers to bypass CSRF protections by reading the CSRF cookie for anonymous users. | ||||
| CVE-2014-0150 | 2 Qemu, Redhat | 3 Qemu, Enterprise Linux, Openstack | 2025-04-12 | N/A |
| Integer overflow in the virtio_net_handle_mac function in hw/net/virtio-net.c in QEMU 2.0 and earlier allows local guest users to execute arbitrary code via a MAC addresses table update request, which triggers a heap-based buffer overflow. | ||||