Export limit exceeded: 29863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1309 | 1 Sap | 1 Netweaver Abap | 2025-04-12 | N/A |
| XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. | ||||
| CVE-2015-1317 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | N/A |
| Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | ||||
| CVE-2015-1321 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | N/A |
| Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | ||||
| CVE-2015-1352 | 3 Apple, Php, Redhat | 3 Mac Os X, Php, Rhel Software Collections | 2025-04-12 | N/A |
| The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted name. | ||||
| CVE-2015-1370 | 1 Marked Project | 1 Marked | 2025-04-12 | N/A |
| Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. | ||||
| CVE-2015-1414 | 3 Debian, Freebsd, Netgate | 3 Debian Linux, Freebsd, Pfsense | 2025-04-12 | N/A |
| Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which triggers an incorrect size calculation and allocation of insufficient memory. | ||||
| CVE-2015-1484 | 1 Symantec | 1 Workspace Streaming | 2025-04-12 | N/A |
| Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | ||||
| CVE-2015-1545 | 1 Openldap | 1 Openldap | 2025-04-12 | N/A |
| The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in a deref control in a search request. | ||||
| CVE-2015-1546 | 3 Apple, Openldap, Opensuse | 3 Mac Os X, Openldap, Opensuse | 2025-04-12 | N/A |
| Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched values control. | ||||
| CVE-2015-2087 | 1 Avatar Uploader Project | 1 Avatar Uploader | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via unspecified vectors. | ||||
| CVE-2015-2096 | 1 Webgateinc | 1 Edvr Manager | 2025-04-12 | N/A |
| Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP address and a page reload. | ||||
| CVE-2015-2167 | 1 Ericsson | 1 Drutt Mobile Service Delivery Platform | 2025-04-12 | N/A |
| Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter to jsp/start-3pi-manager.jsp. | ||||
| CVE-2015-2194 | 1 Digitalnature | 1 Fusion | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for Wordpress allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension in a fusion_save action, then accessing it via unspecified vectors. | ||||
| CVE-2015-2215 | 1 Services Single Sign-on Server Helper Project | 1 Services Single Sign-on Server Helper | 2025-04-12 | N/A |
| Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified parameters. | ||||
| CVE-2015-2296 | 3 Canonical, Mageia Project, Python | 3 Ubuntu Linux, Mageia, Requests | 2025-04-12 | N/A |
| The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks via a cookie without a host value in a redirect. | ||||
| CVE-2015-2346 | 1 Huawei | 1 Seq Analyst | 2025-04-12 | N/A |
| XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | ||||
| CVE-2015-2876 | 2 Lacie, Seagate | 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more | 2025-04-12 | N/A |
| Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows remote attackers to execute arbitrary code by uploading a file to /media/sda2 during a Wi-Fi session. | ||||
| CVE-2015-2904 | 1 Actiontec | 2 Ncs01 Firmware, Gt784wn Wireless N Dsl Modem | 2025-04-12 | N/A |
| Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interface. | ||||
| CVE-2015-2906 | 1 Mobile Devices | 1 C4 Obd-ii Dongle Firmware | 2025-04-12 | N/A |
| Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, store SSH private keys that are the same across different customers' installations, which makes it easier for remote attackers to obtain access by leveraging knowledge of a private key from another installation. | ||||
| CVE-2015-2903 | 1 Hp | 1 Arcsight Smartconnectors | 2025-04-12 | N/A |
| The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 has a hardcoded password, which makes it easier for remote attackers to obtain administrative access by leveraging knowledge of this password. | ||||