Export limit exceeded: 344145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9262 | 4 Canonical, Debian, Redhat and 1 more | 8 Ubuntu Linux, Debian Linux, Ansible Tower and 5 more | 2024-11-21 | N/A |
| _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | ||||
| CVE-2015-9261 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2024-11-21 | 5.5 Medium |
| huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | ||||
| CVE-2015-9260 | 1 Bedita | 1 Bedita | 2024-11-21 | 5.4 Medium |
| An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. | ||||
| CVE-2015-9259 | 1 Docker | 1 Notary | 2024-11-21 | N/A |
| In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json file after a key compromise, an attacker can produce update files referring to an old root.json file. | ||||
| CVE-2015-9258 | 1 Docker | 1 Notary | 2024-11-21 | N/A |
| In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature Algorithm Not Matched to Key vulnerability. Because an attacker controls the field specifying the signature algorithm, they might (for example) be able to forge a signature by forcing a misinterpretation of an RSA-PSS key as Ed25519 elliptic-curve data. | ||||
| CVE-2015-9257 | 1 Bmc | 1 Remedy Action Request System | 2024-11-21 | N/A |
| BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. | ||||
| CVE-2015-9256 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-11-21 | N/A |
| Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information via access to device/VM restore mount points, because they do not have ACLs by default. | ||||
| CVE-2015-9255 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-11-21 | N/A |
| Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive information about data, software versions, configuration, and virtual machines via a request to a Web Virtual Directory. | ||||
| CVE-2015-9254 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-11-21 | N/A |
| Datto ALTO and SIRIS devices have a default VNC password. | ||||
| CVE-2015-9253 | 1 Php | 1 Php | 2024-11-21 | N/A |
| An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility. | ||||
| CVE-2015-9252 | 1 Qpdf Project | 1 Qpdf | 2024-11-21 | N/A |
| An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. | ||||
| CVE-2015-9251 | 3 Jquery, Oracle, Redhat | 51 Jquery, Agile Product Lifecycle Management For Process, Banking Platform and 48 more | 2024-11-21 | N/A |
| jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | ||||
| CVE-2015-9250 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.201. Directory Traversal exists in /skyboxview/webskybox/attachmentdownload and /skyboxview/webskybox/filedownload via the tempFileName parameter. | ||||
| CVE-2015-9249 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.201. SQL Injection exists in /skyboxview/webservice/services/VersionWebService via a soapenv:Body element. | ||||
| CVE-2015-9248 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. | ||||
| CVE-2015-9247 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | ||||
| CVE-2015-9246 | 1 Skyboxsecurity | 1 Skybox Platform | 2024-11-21 | N/A |
| An issue was discovered in Skybox Platform before 7.5.201. Remote Unauthenticated Code Execution exists via a WAR archive containing a JSP file. The WAR file is sent to /skyboxview-softwareupdate/services/CollectorSoftwareUpdate and the JSP file is reached at /opt/skyboxview/thirdparty/jboss/server/web/work/jboss.web/localhost. | ||||
| CVE-2015-9244 | 1 Mysqljs | 1 Mysql | 2024-11-21 | 9.8 Critical |
| Keys of objects in mysql node module v2.0.0-alpha7 and earlier are not escaped with `mysql.escape()` which could lead to SQL Injection. | ||||
| CVE-2015-9243 | 1 Hapijs | 1 Hapi | 2024-11-21 | N/A |
| When server level, connection level or route level CORS configurations in hapi node module before 11.1.4 are combined and when a higher level config included security restrictions (like origin), a higher level config that included security restrictions (like origin) would have those restrictions overridden by less restrictive defaults (e.g. origin defaults to all origins `*`). | ||||
| CVE-2015-9242 | 1 Ecstatic Project | 1 Ecstatic | 2024-11-21 | N/A |
| Certain input strings when passed to new Date() or Date.parse() in ecstatic node module before 1.4.0 will cause v8 to raise an exception. This leads to a crash and denial of service in ecstatic when this input is passed into the server via the If-Modified-Since header. | ||||