Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1972 1 Ibm 1 Tivoli Directory Server 2025-04-12 N/A
IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sensitive error-log information via a crafted POST request.
CVE-2015-5178 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2025-04-12 N/A
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
CVE-2015-1970 1 Ibm 1 Websphere Datapower Xc10 Appliance Firmware 2025-04-12 N/A
The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by extracting a card and attaching it elsewhere.
CVE-2013-5919 2 Oisf, Openinfosecfoundation 2 Suricata, Suricata 2025-04-12 N/A
Suricata before 1.4.6 allows remote attackers to cause a denial of service (crash) via a malformed SSL record.
CVE-2016-9564 1 Boa 1 Boa 2025-04-12 N/A
Buffer overflow in send_redirect() in Boa Webserver 0.92r allows remote attackers to DoS via an HTTP GET request requesting a long URI with only '/' and '.' characters.
CVE-2015-7444 1 Ibm 1 Websphere Commerce 2025-04-12 N/A
The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vectors.
CVE-2016-6313 4 Canonical, Debian, Gnupg and 1 more 5 Ubuntu Linux, Debian Linux, Gnupg and 2 more 2025-04-12 N/A
The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and 1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits by leveraging knowledge of the previous 4640 bits.
CVE-2013-2809 1 Osisoft 1 Pi Interface 2025-04-12 N/A
The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for DNP3 allows remote attackers to cause a denial of service (interface shutdown) via a crafted TCP packet.
CVE-2014-6345 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 and 10 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
CVE-2015-6864 1 Hp 1 Arcsight Logger 2025-04-12 N/A
HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
CVE-2015-6863 1 Hp 1 Arcsight Logger 2025-04-12 N/A
HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component.
CVE-2015-2136 1 Hp 1 Arcsight Logger 2025-04-12 N/A
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
CVE-2016-9863 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
An issue was discovered in phpMyAdmin. With a very large request to table partitioning function, it is possible to invoke a Denial of Service (DoS) attack. All 4.6.x versions (prior to 4.6.5) are affected.
CVE-2016-3698 4 Canonical, Debian, Libndp and 1 more 11 Ubuntu Linux, Debian Linux, Libndp and 8 more 2025-04-12 N/A
libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network.
CVE-2016-7220 1 Microsoft 1 Windows 10 2025-04-12 N/A
Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."
CVE-2016-4758 2 Apple, Microsoft 4 Iphone Os, Itunes, Safari and 1 more 2025-04-12 N/A
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2014-6340 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information Disclosure Vulnerability."
CVE-2015-1000007 1 Wptf-image-gallery Project 1 Wptf-image-gallery 2025-04-12 N/A
Remote file download vulnerability in wptf-image-gallery v1.03
CVE-2014-2957 1 Exim 1 Exim 2025-04-12 N/A
The dmarc_process function in dmarc.c in Exim before 4.82.1, when EXPERIMENTAL_DMARC is enabled, allows remote attackers to execute arbitrary code via the From header in an email, which is passed to the expand_string function.
CVE-2015-6790 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.