Export limit exceeded: 24693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7545 | 4 Canonical, Git Project, Opensuse and 1 more | 6 Ubuntu Linux, Git, Opensuse and 3 more | 2025-04-12 | N/A |
| The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule. | ||||
| CVE-2014-3291 | 1 Cisco | 1 Wireless Lan Controller | 2025-04-12 | N/A |
| Cisco Wireless LAN Controller (WLC) devices allow remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a zero value in Cisco Discovery Protocol packet data that is not properly handled during SNMP polling, aka Bug ID CSCuo12321. | ||||
| CVE-2014-5351 | 1 Mit | 1 Kerberos 5 | 2025-04-12 | N/A |
| The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote authenticated users to forge tickets by leveraging administrative access. | ||||
| CVE-2016-2525 | 1 Wireshark | 1 Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark 2.0.x before 2.0.2 does not limit the amount of header data, which allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted packet. | ||||
| CVE-2016-2776 | 4 Hp, Isc, Oracle and 1 more | 10 Hp-ux, Bind, Linux and 7 more | 2025-04-12 | N/A |
| buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before 9.10.4-P3, and 9.11.x before 9.11.0rc3 does not properly construct responses, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a crafted query. | ||||
| CVE-2011-4367 | 1 Apache | 1 Myfaces | 2025-04-12 | 7.5 High |
| Multiple directory traversal vulnerabilities in MyFaces JavaServer Faces (JSF) in Apache MyFaces Core 2.0.x before 2.0.12 and 2.1.x before 2.1.6 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ln parameter to faces/javax.faces.resource/web.xml or (2) the PATH_INFO to faces/javax.faces.resource/. | ||||
| CVE-2014-9636 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | N/A |
| unzip 6.0 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via an extra field with an uncompressed size smaller than the compressed field size in a zip archive that advertises STORED method compression. | ||||
| CVE-2016-5243 | 1 Linux | 1 Linux Kernel | 2025-04-12 | N/A |
| The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3 does not properly copy a certain string, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message. | ||||
| CVE-2016-5244 | 4 Fedoraproject, Linux, Redhat and 1 more | 11 Fedora, Linux Kernel, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message. | ||||
| CVE-2016-5250 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | ||||
| CVE-2015-3288 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-12 | 7.8 High |
| mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. | ||||
| CVE-2015-6088 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | ||||
| CVE-2016-4706 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| cd9660 in Apple OS X before 10.12 allows local users to cause a denial of service via unspecified vectors. | ||||
| CVE-2016-4715 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Date & Time Pref Pane component in Apple OS X before 10.12 mishandles the .GlobalPreferences file, which allows attackers to discover a user's location via a crafted app. | ||||
| CVE-2016-4745 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does not use constant-time operations for determining username validity, which makes it easier for remote attackers to enumerate user accounts via a timing side-channel attack. | ||||
| CVE-2016-5279 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname information during a local-file drag-and-drop operation via crafted JavaScript code. | ||||
| CVE-2015-2187 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2025-04-12 | N/A |
| The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirements, which allows remote attackers to cause a denial of service (stack memory corruption and application crash) via a crafted packet. | ||||
| CVE-2015-6934 | 1 Vmware | 2 Vcenter Orchestrator, Vrealize Orchestrator | 2025-04-12 | N/A |
| Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. | ||||
| CVE-2015-4652 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-12 | N/A |
| epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the de_emerg_num_list and de_bcd_num functions. | ||||
| CVE-2016-5385 | 8 Debian, Drupal, Fedoraproject and 5 more | 16 Debian Linux, Drupal, Fedora and 13 more | 2025-04-12 | 8.1 High |
| PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. | ||||