Search Results (24238 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-3859 1 Isc 1 Bind 2025-04-12 N/A
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet, as demonstrated by an attack against named, dig, or delv.
CVE-2015-4284 1 Cisco 7 Asr 9001, Asr 9006, Asr 9010 and 4 more 2025-04-12 N/A
The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka Bug ID CSCur70670.
CVE-2015-6563 3 Apple, Openbsd, Redhat 3 Mac Os X, Openssh, Enterprise Linux 2025-04-12 N/A
The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation attacks by leveraging any SSH login access in conjunction with control of the sshd uid to send a crafted MONITOR_REQ_PWNAM request, related to monitor.c and monitor_wrap.c.
CVE-2016-5386 4 Fedoraproject, Golang, Oracle and 1 more 7 Fedora, Go, Linux and 4 more 2025-04-12 8.1 High
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
CVE-2013-6769 2 Google, Koushik Dutta 2 Android, Superuser 2025-04-12 N/A
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
CVE-2016-2168 1 Apache 1 Subversion 2025-04-12 N/A
The req_check_access function in the mod_authz_svn module in the httpd server in Apache Subversion before 1.8.16 and 1.9.x before 1.9.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a crafted header in a (1) MOVE or (2) COPY request, involving an authorization check.
CVE-2015-3153 5 Apple, Canonical, Debian and 2 more 6 Mac Os X, Ubuntu Linux, Debian Linux and 3 more 2025-04-12 N/A
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.
CVE-2014-3081 1 Ibm 2 Global Console Manager 16 Firmware, Global Console Manager 32 Firmware 2025-04-12 N/A
prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches with firmware before 1.20.20.23447 allows remote authenticated users to read arbitrary files via the filename parameter.
CVE-2014-6107 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to obtain sensitive cookie information by sniffing the network during an HTTP session.
CVE-2016-0298 1 Ibm 1 Security Guardium 2025-04-12 N/A
Directory traversal vulnerability in IBM Security Guardium Database Activity Monitor 10 before 10.0p100 allows remote authenticated users to read arbitrary files via a crafted URL.
CVE-2016-1342 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
The device login page in Cisco FirePOWER Management Center 5.3 through 6.0.0.1 allows remote attackers to obtain potentially sensitive software-version information by reading help files, aka Bug ID CSCuy36654.
CVE-2014-0684 1 Cisco 5 Nexus 7000, Nexus 7000 10-slot, Nexus 7000 18-slot and 2 more 2025-04-12 N/A
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
CVE-2015-5340 1 Moodle 1 Moodle 2025-04-12 N/A
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not consider the moodle/badges:viewbadges capability, which allows remote authenticated users to obtain sensitive badge information via a request involving (1) badges/overview.php or (2) badges/view.php.
CVE-2016-1501 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote authenticated users to obtain sensitive information via unspecified vectors, which reveals the installation path in the resulting exception messages.
CVE-2015-6086 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2014-6105 1 Ibm 1 Security Identity Manager 2025-04-12 N/A
IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
CVE-2016-1494 3 Fedoraproject, Opensuse, Python 4 Fedora, Leap, Opensuse and 1 more 2025-04-12 N/A
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
CVE-2015-2381 1 Microsoft 6 Windows 7, Windows 8, Windows 8.1 and 3 more 2025-04-12 N/A
win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Win32k Information Disclosure Vulnerability," a different vulnerability than CVE-2015-2382.
CVE-2015-3097 2 Adobe, Microsoft 5 Air, Air Sdk, Air Sdk \& Compiler and 2 more 2025-04-12 N/A
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Windows 7 systems do not properly select a random memory address for the Flash heap, which makes it easier for attackers to conduct unspecified attacks by predicting this address.
CVE-2016-8100 1 Intel 1 Integrated Performance Primitives 2025-04-12 N/A
Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack.