Export limit exceeded: 10009 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0219 | 1 Ibm | 8 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 5 more | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in IBM Rational Team Concert 3.0 before 3.0.1.6 iFix7 Interim Fix 1, 4.0 before 4.0.7 iFix10, 5.0 before 5.0.2 iFix15, and 6.0 before 6.0.1 iFix4 allows remote authenticated users to cause a denial of service via crafted XML data. IBM X-Force ID: 109693. | ||||
| CVE-2015-9550 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2024-11-21 | 7.5 High |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. By sending a specific hel,xasf packet to the WAN interface, it is possible to open the web management interface on the WAN interface. | ||||
| CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
| Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | ||||
| CVE-2015-9280 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 10.0 Critical |
| MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. | ||||
| CVE-2015-9261 | 3 Busybox, Canonical, Debian | 3 Busybox, Ubuntu Linux, Debian Linux | 2024-11-21 | 5.5 Medium |
| huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | ||||
| CVE-2015-9238 | 1 Secure-compare Project | 1 Secure-compare | 2024-11-21 | N/A |
| secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length. | ||||
| CVE-2015-8549 | 1 Pyamf | 1 Pyamf | 2024-11-21 | 7.1 High |
| XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows remote attackers to cause a denial of service or read arbitrary files via a crafted Action Message Format (AMF) payload. | ||||
| CVE-2015-8367 | 1 Libraw | 1 Libraw | 2024-11-21 | 9.8 Critical |
| The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | ||||
| CVE-2015-8094 | 1 Cloudera | 1 Hue | 2024-11-21 | N/A |
| Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | ||||
| CVE-2015-8031 | 1 Eclipse | 1 Hudson | 2024-11-21 | 9.8 Critical |
| Hudson (aka org.jvnet.hudson.main:hudson-core) before 3.3.2 allows XXE attacks. | ||||
| CVE-2015-8012 | 1 Lldpd Project | 1 Lldpd | 2024-11-21 | 7.5 High |
| lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. | ||||
| CVE-2015-7968 | 1 Sap | 1 Netweaver Application Server | 2024-11-21 | 4.3 Medium |
| nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | ||||
| CVE-2015-7461 | 1 Ibm | 1 Connections | 2024-11-21 | N/A |
| XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote authenticated users to cause a denial of service (memory consumption) via crafted XML data. IBM X-Force ID: 108357. | ||||
| CVE-2015-6964 | 1 Multibit | 1 Multibit Hd | 2024-11-21 | 5.3 Medium |
| MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC). | ||||
| CVE-2015-3907 | 1 Codeigniter-restserver Project | 1 Codeigniter-restserver | 2024-11-21 | N/A |
| CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks. | ||||
| CVE-2015-3898 | 1 Bonitasoft | 1 Bonita Bpm Portal | 2024-11-21 | N/A |
| Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving the redirectUrl parameter to (1) bonita/login.jsp or (2) bonita/loginservice. | ||||
| CVE-2015-3406 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-11-21 | 7.5 High |
| The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | ||||
| CVE-2015-3207 | 1 Openshift | 1 Origin | 2024-11-21 | 5.3 Medium |
| In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. | ||||
| CVE-2015-1811 | 2 Jenkins, Redhat | 2 Cloudbees, Openshift | 2024-11-21 | 7.5 High |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via a crafted XML document. | ||||
| CVE-2015-1809 | 2 Jenkins, Redhat | 2 Cloudbees, Openshift | 2024-11-21 | 7.5 High |
| XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 allows remote attackers to read arbitrary XML files via an XPath query. | ||||