Export limit exceeded: 328772 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 73318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (73318 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3150 | 1 Redhat | 2 Automatic Bug Reporting Tool, Enterprise Linux | 2024-11-21 | 7.1 High |
| abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | ||||
| CVE-2015-3140 | 1 Synametrics | 3 Synaman, Syncrify, Syntail | 2024-11-21 | 8.8 High |
| Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | ||||
| CVE-2015-2929 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and application exit) via a malformed HS descriptor. | ||||
| CVE-2015-2928 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| The Hidden Service (HS) server implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unspecified vectors. | ||||
| CVE-2015-2802 | 4 Hp, Linux, Microsoft and 1 more | 6 Asset Manager, Asset Manager Cloudsystem Chargeback, Sitescope and 3 more | 2024-11-21 | 7.5 High |
| An Information Disclosure vulnerability exists in HP SiteScope 11.2 and 11.3 on Windows, Linux and Solaris, HP Asset Manager 9.30 through 9.32, 9.40 through 9.41, 9.50, and Asset Manager Cloudsystem Chargeback 9.40, which could let a remote malicious user obtain sensitive information. This is the TLS vulnerability known as the RC4 cipher Bar Mitzvah vulnerability. | ||||
| CVE-2015-2689 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | ||||
| CVE-2015-2688 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle unexpected arrival times of buffers with invalid layouts, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. | ||||
| CVE-2015-2325 | 5 Mariadb, Opensuse, Pcre and 2 more | 5 Mariadb, Opensuse, Pcre and 2 more | 2024-11-21 | 7.8 High |
| The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier. | ||||
| CVE-2015-2202 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | 7.2 High |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. | ||||
| CVE-2015-2201 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | 7.2 High |
| Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows VisualRF remote OS command execution and file disclosure by administrative users. | ||||
| CVE-2015-2100 | 1 Webgate | 2 Control Center, Edvr Manager | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control. | ||||
| CVE-2015-2099 | 1 Webgateinc | 1 Control Center | 2024-11-21 | 8.8 High |
| Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control. | ||||
| CVE-2015-2098 | 1 Webgateinc | 1 Edvr Manager | 2024-11-21 | 8.8 High |
| Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control. | ||||
| CVE-2015-2074 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 7.5 High |
| The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681. | ||||
| CVE-2015-2073 | 1 Sap | 1 Businessobjects Edge | 2024-11-21 | 7.5 High |
| The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682. | ||||
| CVE-2015-2062 | 2 Huge-it, Microsoft | 2 Huge-it Slider, Windows | 2024-11-21 | 7.2 High |
| Multiple SQL injection vulnerabilities in the Huge-IT Slider (slider-image) plugin before 2.7.0 for WordPress allow remote administrators to execute arbitrary SQL commands via the removeslide parameter in a popup_posts or edit_cat action in the sliders_huge_it_slider page to wp-admin/admin.php. | ||||
| CVE-2015-20110 | 1 Jhipster | 1 Jhipster | 2024-11-21 | 7.5 High |
| JHipster generator-jhipster before 2.23.0 allows a timing attack against validateToken due to a string comparison that stops at the first character that is different. Attackers can guess tokens by brute forcing one character at a time and observing the timing. This of course drastically reduces the search space to a linear amount of guesses based on the token length times the possible characters. | ||||
| CVE-2015-20107 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2024-11-21 | 7.6 High |
| In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | ||||
| CVE-2015-20067 | 1 Wp Attachment Export Project | 1 Wp Attachment Export | 2024-11-21 | 7.5 High |
| The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all the details of attachments/posts on a Wordpress | ||||
| CVE-2015-20001 | 1 Rust-lang | 1 Rust | 2024-11-21 | 7.5 High |
| In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation. | ||||