Export limit exceeded: 366753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366753 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-5165 7 Arista, Debian, Fedoraproject and 4 more 25 Eos, Debian Linux, Fedora and 22 more 2025-04-12 N/A
The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors.
CVE-2015-5166 2 Fedoraproject, Xen 2 Fedora, Xen 2025-04-12 N/A
Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not completely unplug emulated block devices, which allows local HVM guest users to gain privileges by unplugging a block device twice.
CVE-2015-5167 1 Apache 1 Ranger 2025-04-12 N/A
The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote authenticated users to bypass intended access restrictions via the REST API.
CVE-2015-5174 4 Apache, Canonical, Debian and 1 more 6 Tomcat, Ubuntu Linux, Debian Linux and 3 more 2025-04-12 N/A
Directory traversal vulnerability in RequestUtil.java in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.65, and 8.x before 8.0.27 allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via a /.. (slash dot dot) in a pathname used by a web application in a getResource, getResourceAsStream, or getResourcePaths call, as demonstrated by the $CATALINA_BASE/webapps directory.
CVE-2015-5176 1 Redhat 2 Jboss Enterprise Portal Platform, Jboss Portal 2025-04-12 N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2015-5185 2 Opensuse, Standards Based Linux Instrumentation 2 Opensuse, Sblim-sfcb 2025-04-12 N/A
The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty className in a packet.
CVE-2015-5188 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.CR9 allows remote attackers to hijack the authentication of administrators for requests that make arbitrary changes to an instance via vectors involving a file upload using a multipart/form-data submission.
CVE-2015-5189 2 Pacemaker\/corosync Configuration System Project, Redhat 2 Pacemaker\/corosync Configuration System, Enterprise Linux 2025-04-12 N/A
Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated.
CVE-2015-5190 2 Pacemaker\/corosync Configuration System Project, Redhat 2 Pacemaker\/corosync Configuration System, Enterprise Linux 2025-04-12 N/A
The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL.
CVE-2015-5198 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
CVE-2015-5199 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
CVE-2015-5200 2 Canonical, Libvdpau Project 2 Ubuntu Linux, Libvdpau 2025-04-12 N/A
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
CVE-2015-5204 1 Apache 1 Cordova File Transfer 2025-04-12 N/A
CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences in the filename of an uploaded file.
CVE-2015-5207 1 Apache 1 Cordova 2025-04-12 N/A
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
CVE-2015-5208 1 Apache 1 Cordova 2025-04-12 N/A
Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link.
CVE-2015-5210 1 Apache 1 Ambari 2025-04-12 N/A
Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter.
CVE-2015-5212 5 Apache, Canonical, Debian and 2 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via crafted PrinterSetup data in an ODF document.
CVE-2015-5213 5 Apache, Canonical, Debian and 2 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow.
CVE-2015-5214 5 Apache, Canonical, Debian and 2 more 5 Openoffice, Ubuntu Linux, Debian Linux and 2 more 2025-04-12 N/A
LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via an index to a non-existent bookmark in a DOC file.
CVE-2015-5217 1 Ipsilon Project 1 Ipsilon 2025-04-12 N/A
providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name.