Export limit exceeded: 344151 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344151 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344151 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0205 | 1 Ibm | 1 Cloud Orchestrator | 2024-11-21 | N/A |
| A vulnerability has been identified in IBM Cloud Orchestrator 2.3, 2.3.0.1, 2.4, and 2.4.0.1 that could allow an attacker after authentication to enumerate valid users of the system. IBM X-Force ID: 109394. | ||||
| CVE-2015-9551 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. | ||||
| CVE-2015-9550 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-11-21 | 7.5 High |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | ||||
| CVE-2015-9549 | 1 Ocportal | 1 Ocportal | 2024-11-21 | 6.1 Medium |
| A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. | ||||
| CVE-2015-9548 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed. | ||||
| CVE-2015-9547 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015). | ||||
| CVE-2015-9546 | 1 Google | 1 Android | 2024-11-21 | 4.8 Medium |
| An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16. In some cases, HTTP is used for an Inputmethod, rather than HTTPS. A man-in-the-middle attacker can modify the client-server data stream to insert directory traversal sequences into an extracted file path. The Samsung ID is SVE-2015-4363 (November 2015). | ||||
| CVE-2015-9545 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 7.1 High |
| An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStorage.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | ||||
| CVE-2015-9544 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 7.1 High |
| An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | ||||
| CVE-2015-9543 | 1 Openstack | 1 Nova | 2024-11-21 | 3.3 Low |
| An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | ||||
| CVE-2015-9542 | 3 Canonical, Debian, Freeradius | 3 Ubuntu Linux, Debian Linux, Pam Radius | 2024-11-21 | 7.5 High |
| add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. | ||||
| CVE-2015-9541 | 3 Fedoraproject, Qt, Redhat | 3 Fedora, Qt, Enterprise Linux | 2024-11-21 | 7.5 High |
| Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | ||||
| CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
| Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | ||||
| CVE-2015-9539 | 1 Fast Secure Contact Form Project | 1 Fast Secure Contact Form | 2024-11-21 | 6.1 Medium |
| The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS. | ||||
| CVE-2015-9538 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 6.5 Medium |
| The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | ||||
| CVE-2015-9537 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 5.4 Medium |
| The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | ||||
| CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2024-11-21 | 6.1 Medium |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. | ||||
| CVE-2015-9503 | 1 Webmandesign | 1 Modern Theme | 2024-11-21 | 6.1 Medium |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. | ||||
| CVE-2015-9502 | 1 Webmandesign | 1 Auberge Theme | 2024-11-21 | 6.1 Medium |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. | ||||
| CVE-2015-9501 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2024-11-21 | 6.1 Medium |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. | ||||