Export limit exceeded: 363318 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (2195 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-36315 1 Mozilla 1 Firefox 2025-04-15 4.3 Medium
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox < 103.
CVE-2022-34471 1 Mozilla 1 Firefox 2025-04-15 6.5 Medium
When downloading an update for an addon, the downloaded addon update's version was not verified to match the version selected from the manifest. If the manifest had been tampered with on the server, an attacker could trick the browser into downgrading the addon to a prior version. This vulnerability affects Firefox < 102.
CVE-2022-26510 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2025-04-15 6.5 Medium
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-34845 1 Robustel 2 R1510, R1510 Firmware 2025-04-15 2.7 Low
A firmware update vulnerability exists in the sysupgrade functionality of Robustel R1510 3.1.16 and 3.3.0. A specially-crafted network packet can lead to arbitrary firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-38472 2 Mozilla, Redhat 5 Firefox, Thunderbird, Enterprise Linux and 2 more 2025-04-15 6.5 Medium
An attacker could have abused XSLT error handling to associate attacker-controlled content with another origin which was displayed in the address bar. This could have been used to fool the user into submitting data intended for the spoofed origin. This vulnerability affects Thunderbird < 102.2, Thunderbird < 91.13, Firefox ESR < 91.13, Firefox ESR < 102.2, and Firefox < 104.
CVE-2022-42927 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2025-04-15 8.1 High
A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.
CVE-2022-29915 1 Mozilla 1 Firefox 2025-04-15 4.3 Medium
The Performance API did not properly hide the fact whether a request cross-origin resource has observed redirects. This vulnerability affects Firefox < 100.
CVE-2022-23556 1 Codeigniter 1 Codeigniter 2025-04-15 7 High
CodeIgniter is a PHP full-stack web framework. This vulnerability may allow attackers to spoof their IP address when the server is behind a reverse proxy. This issue has been patched, please upgrade to version 4.2.11 or later, and configure `Config\App::$proxyIPs`. As a workaround, do not use `$request->getIPAddress()`.
CVE-2022-3347 1 Go-resolver Project 1 Go-resolver 2025-04-14 7.5 High
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain.
CVE-2022-3346 1 Go-resolver Project 1 Go-resolver 2025-04-14 6.5 Medium
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for any other domain.
CVE-2015-4020 2 Oracle, Rubygems 2 Solaris, Rubygems 2025-04-12 N/A
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.
CVE-2015-8254 1 Rsi Video Technologies 1 Frontel Protocol 2025-04-12 N/A
The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream.
CVE-2014-1498 5 Mozilla, Opensuse, Opensuse Project and 2 more 8 Firefox, Seamonkey, Opensuse and 5 more 2025-04-12 N/A
The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not properly validate a certain key type, which allows remote attackers to cause a denial of service (application crash) via vectors that trigger generation of a key that supports the Elliptic Curve ec-dual-use algorithm.
CVE-2014-6439 1 Elasticsearch 1 Elasticsearch 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2014-6512 2 Oracle, Redhat 7 Jdk, Jre, Jrockit and 4 more 2025-04-12 N/A
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.
CVE-2014-8143 1 Samba 1 Samba 2025-04-12 N/A
Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before 4.2rc4, when an Active Directory Domain Controller (AD DC) is configured, allows remote authenticated users to set the LDB userAccountControl UF_SERVER_TRUST_ACCOUNT bit, and consequently gain privileges, by leveraging delegation of authority for user-account or computer-account creation.
CVE-2014-8165 2 Powerpc-utils Project, Redhat 2 Powerpc-utils, Enterprise Linux 2025-04-12 N/A
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
CVE-2014-1502 5 Mozilla, Opensuse, Opensuse Project and 2 more 8 Firefox, Seamonkey, Opensuse and 5 more 2025-04-12 N/A
The (1) WebGL.compressedTexImage2D and (2) WebGL.compressedTexSubImage2D functions in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to bypass the Same Origin Policy and render content in a different domain via unspecified vectors.
CVE-2015-2908 1 Mobile Devices 1 C4 Obd-ii Dongle Firmware 2025-04-12 N/A
Mobile Devices (aka MDI) C4 OBD-II dongles with firmware 2.x and 3.4.x, as used in Metromile Pulse and other products, do not validate firmware updates, which allows remote attackers to execute arbitrary code by specifying an update server.
CVE-2014-0364 2 Igniterealtime, Redhat 4 Smack, Jboss Bpms, Jboss Brms and 1 more 2025-04-12 N/A
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.