Export limit exceeded: 328772 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (73318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-5333 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2024-11-21 | 7.5 High |
| Memory leak in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (memory consumption) via a large number of ASN.1 object identifiers in X.509 certificates. | ||||
| CVE-2015-5290 | 1 Ratbox | 1 Ircd-ratbox | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability exists in ircd-ratbox 3.0.9 in the MONITOR Command Handler. | ||||
| CVE-2015-5236 | 1 Icedtea-web Project | 1 Icedtea-web | 2024-11-21 | 7.5 High |
| It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value. | ||||
| CVE-2015-5230 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2024-11-21 | 7.5 High |
| The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | ||||
| CVE-2015-5201 | 1 Redhat | 3 Enterprise Linux, Enterprise Virtualization, Enterprise Virtualization Hypervisor | 2024-11-21 | 7.5 High |
| VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors. | ||||
| CVE-2015-4553 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 8.8 High |
| A file upload issue exists in DeDeCMS before 5.7-sp1, which allows malicious users getshell. | ||||
| CVE-2015-4411 | 2 Fedoraproject, Mongodb | 2 Fedora, Bson | 2024-11-21 | 7.5 High |
| The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0.4 as used in rubygem-moped allows remote attackers to cause a denial of service (worker resource consumption) via a crafted string. NOTE: This issue is due to an incomplete fix to CVE-2015-4410. | ||||
| CVE-2015-4410 | 2 Fedoraproject, Moped Project | 2 Fedora, Moped | 2024-11-21 | 7.5 High |
| The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. | ||||
| CVE-2015-4041 | 1 Gnu | 1 Coreutils | 2024-11-21 | 7.8 High |
| The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | ||||
| CVE-2015-3641 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 7.5 High |
| bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | ||||
| CVE-2015-3611 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 8.8 High |
| A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 and earlier via unspecified vectors, which could let a malicious user run systems commands when executing a report. | ||||
| CVE-2015-3424 | 1 Accentis | 1 Content Resource Management System | 2024-11-21 | 8.8 High |
| SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | ||||
| CVE-2015-3423 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 8.8 High |
| Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. | ||||
| CVE-2015-3406 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-11-21 | 7.5 High |
| The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | ||||
| CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. | ||||
| CVE-2015-3298 | 1 Yubico | 1 Ykneo-openpgp | 2024-11-21 | 8.8 High |
| Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. | ||||
| CVE-2015-3173 | 1 Custom Content Type Manager Project | 1 Custom Content Type Manager | 2024-11-21 | 7.2 High |
| custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. | ||||
| CVE-2015-3167 | 4 Canonical, Debian, Postgresql and 1 more | 5 Ubuntu Linux, Debian Linux, Postgresql and 2 more | 2024-11-21 | 7.5 High |
| contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | ||||
| CVE-2015-3159 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. | ||||
| CVE-2015-3151 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.8 High |
| Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | ||||