Export limit exceeded: 343783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5278 | 4 Arista, Canonical, Fedoraproject and 1 more | 4 Eos, Ubuntu Linux, Fedora and 1 more | 2024-11-21 | 6.5 Medium |
| The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors related to receiving packets. | ||||
| CVE-2015-5243 | 1 Phpwhois Project | 1 Phpwhois | 2024-11-21 | N/A |
| phpWhois allows remote attackers to execute arbitrary code via a crafted whois record. | ||||
| CVE-2015-5239 | 5 Arista, Canonical, Fedoraproject and 2 more | 8 Eos, Ubuntu Linux, Fedora and 5 more | 2024-11-21 | 6.5 Medium |
| Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | ||||
| CVE-2015-5236 | 1 Icedtea-web Project | 1 Icedtea-web | 2024-11-21 | 7.5 High |
| It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. | ||||
| CVE-2015-5230 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2024-11-21 | 7.5 High |
| The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | ||||
| CVE-2015-5216 | 1 Ipsilon-project | 1 Ipsilon | 2024-11-21 | 6.1 Medium |
| The Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly escape certain characters in a Python exception-message template, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via an HTTP response. | ||||
| CVE-2015-5215 | 1 Ipsilon-project | 1 Ipsilon | 2024-11-21 | 6.1 Medium |
| The default configuration of the Jinja templating engine used in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not enable auto-escaping, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via template variables. NOTE: This may be a duplicate of CVE-2015-5216. Moreover, the Jinja development team does not enable auto-escape by default for performance issues as explained in https://jinja.palletsprojects.com/en/master/faq/#why-is-autoescaping-not-the-default. | ||||
| CVE-2015-5201 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Enterprise Virtualization Hypervisor | 2024-11-21 | 7.5 High |
| VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | ||||
| CVE-2015-5160 | 2 Libvirt, Redhat | 11 Libvirt, Enterprise Linux, Enterprise Linux Desktop and 8 more | 2024-11-21 | N/A |
| libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | ||||
| CVE-2015-5159 | 1 Kdcproxy Project | 1 Kdcproxy | 2024-11-21 | N/A |
| python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request. | ||||
| CVE-2015-5079 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | N/A |
| Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter. | ||||
| CVE-2015-5072 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| The BIRT Engine servlet in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary local files via the __imageid parameter. | ||||
| CVE-2015-5071 | 1 Bmc | 1 Remedy Ar System Server | 2024-11-21 | 6.5 Medium |
| AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 for BMC Remedy AR System Server allows remote authenticated users to "navigate" to arbitrary files via the __report parameter of the BIRT viewer servlet. | ||||
| CVE-2015-5045 | 1 Ibm | 1 Rational License Key Server | 2024-11-21 | N/A |
| The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938. | ||||
| CVE-2015-5039 | 1 Ibm | 1 Rational Clearcase | 2024-11-21 | N/A |
| The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715. | ||||
| CVE-2015-5016 | 1 Ibm | 14 Change And Configuration Management Database, Control Desk, Maximo Asset Management and 11 more | 2024-11-21 | N/A |
| IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management Essentials 7.1 and 7.5; Control Desk 7.5 and 7.6; Tivoli Asset Management for IT 7.1 and 7.2; and certain other IBM products allow remote authenticated users to bypass intended access restrictions and read arbitrary ticket worklog entries via unspecified vectors. IBM X-Force ID: 106460. | ||||
| CVE-2015-4987 | 1 Ibm | 1 Tealeaf Customer Experience | 2024-11-21 | N/A |
| The search and replay servers in IBM Tealeaf Customer Experience 8.0 through 9.0.2 allow remote attackers to bypass authentication via unspecified vectors. IBM X-Force ID: 105896. | ||||
| CVE-2015-4954 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | N/A |
| IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 improperly allows self-signed certificates, which might allow remote attackers to conduct spoofing attacks via unspecified vectors. IBM X-Force ID: 105200. | ||||
| CVE-2015-4953 | 1 Ibm | 1 Bigfix Remote Control | 2024-11-21 | N/A |
| IBM BigFix Remote Control before Interim Fix pack 9.1.2-TIV-IBRC912-IF0001 makes it easier for man-in-the-middle attackers to decrypt traffic by leveraging a weakness in its encryption protocol. IBM X-Force ID: 105197. | ||||
| CVE-2015-4952 | 1 Ibm | 1 Endpoint Manager For Remote Control | 2024-11-21 | N/A |
| The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 and 9.1.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. IBM X-Force ID: 105196. | ||||