Export limit exceeded: 25075 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25075 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2045 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2025-04-12 | N/A |
| The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-2053 | 1 Mcafee | 1 Mcafee Agent | 2025-04-12 | N/A |
| The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, when the "Accept connections only from the ePO server" option is disabled, allows remote attackers to conduct clickjacking attacks via a crafted web page, aka an "http-generic-click-jacking" vulnerability. | ||||
| CVE-2015-2055 | 1 Zhone Technologies | 2 Gpon 2520, Gpon 2520 Firmware | 2025-04-12 | N/A |
| Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. | ||||
| CVE-2015-2058 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-12 | N/A |
| c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID. | ||||
| CVE-2015-2076 | 1 Sap | 1 Businessobjects Edge | 2025-04-12 | N/A |
| The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | ||||
| CVE-2015-2077 | 1 Komodia | 1 Redirector Sdk | 2025-04-12 | N/A |
| The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5.8, and other products, uses the same X.509 certificate private key for a root CA certificate across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging knowledge of this key, as originally reported for Superfish VisualDiscovery on certain Lenovo Notebook laptop products. | ||||
| CVE-2015-2080 | 2 Eclipse, Fedoraproject | 2 Jetty, Fedora | 2025-04-12 | N/A |
| The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak. | ||||
| CVE-2015-2108 | 1 Hp | 1 Operations Orchestration | 2025-04-12 | N/A |
| Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors. | ||||
| CVE-2015-2121 | 1 Hp | 1 Network Virtualization | 2025-04-12 | N/A |
| HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. | ||||
| CVE-2015-2136 | 1 Hp | 1 Arcsight Logger | 2025-04-12 | N/A |
| HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | ||||
| CVE-2015-2139 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. | ||||
| CVE-2015-2140 | 1 Hp | 2 Matrix Operating Environment, Systems Insight Manager | 2025-04-12 | N/A |
| HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | ||||
| CVE-2015-2141 | 2 Cryptopp, Opensuse | 2 Crypto\+\+ Library, Opensuse | 2025-04-12 | N/A |
| The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. | ||||
| CVE-2015-3885 | 2 Dcraw Project, Fedoraproject | 2 Dcraw, Fedora | 2025-04-12 | N/A |
| Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to the len variable. | ||||
| CVE-2015-3900 | 4 Oracle, Redhat, Ruby-lang and 1 more | 5 Solaris, Enterprise Linux, Rhel Software Collections and 2 more | 2025-04-12 | N/A |
| RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack." | ||||
| CVE-2015-3912 | 1 Huawei | 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui | 2025-04-12 | N/A |
| Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | ||||
| CVE-2016-9375 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2025-04-12 | N/A |
| In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful. | ||||
| CVE-2015-3923 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-12 | N/A |
| Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. | ||||
| CVE-2015-3943 | 1 Advantech | 1 Webaccess | 2025-04-12 | N/A |
| Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | ||||
| CVE-2015-3949 | 1 Sinapsi | 2 Esolar Light, Esolar Light Firmware | 2025-04-12 | N/A |
| Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page. | ||||