Export limit exceeded: 366372 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366372 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3626 | 1 Fortinet | 1 Fortios | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary web script or HTML via a crafted hostname. | ||||
| CVE-2015-3627 | 2 Docker, Redhat | 3 Docker, Libcontainer, Rhel Extras Other | 2025-04-12 | N/A |
| Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | ||||
| CVE-2015-3628 | 1 F5 | 18 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 15 more | 2025-04-12 | N/A |
| The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi. | ||||
| CVE-2015-3629 | 3 Docker, Opensuse, Redhat | 3 Libcontainer, Opensuse, Rhel Extras Other | 2025-04-12 | 7.8 High |
| Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount namespace breakout") and write to arbitrary file on the host system via a symlink attack in an image when respawning a container. | ||||
| CVE-2015-3630 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2025-04-12 | N/A |
| Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /proc/latency_stats, and (4) /proc/fs, which allows local users to modify the host, obtain sensitive information, and perform protocol downgrade attacks via a crafted image. | ||||
| CVE-2015-3675 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. | ||||
| CVE-2015-3631 | 2 Docker, Redhat | 2 Docker, Rhel Extras Other | 2025-04-12 | N/A |
| Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and docker_t policies via an image that allows volumes to override files in /proc. | ||||
| CVE-2015-3632 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2025-04-12 | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. | ||||
| CVE-2015-3633 | 1 Foxitsoftware | 3 Enterprise Reader, Foxit Reader, Phantompdf | 2025-04-12 | N/A |
| Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | ||||
| CVE-2015-3636 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2025-04-12 | N/A |
| The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. | ||||
| CVE-2015-3676 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. | ||||
| CVE-2015-3644 | 1 Stunnel | 1 Stunnel | 2025-04-12 | N/A |
| Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication. | ||||
| CVE-2015-3646 | 2 Openstack, Oracle | 2 Keystone, Solaris | 2025-04-12 | N/A |
| OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | ||||
| CVE-2015-3647 | 1 Wppa.opajaap | 1 Wp-photo-album-plus | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) comemail or (2) comname parameter in a wppa do-comment action. | ||||
| CVE-2015-3648 | 1 Montala | 1 Resourcespace | 2025-04-12 | N/A |
| Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter. | ||||
| CVE-2015-3650 | 1 Vmware | 3 Horizon View Client, Player, Workstation | 2025-04-12 | N/A |
| vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread. | ||||
| CVE-2015-3658 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2025-04-12 | N/A |
| The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects during decisions about sending an Origin header, which makes it easier for remote attackers to bypass CSRF protection mechanisms via a crafted web site. | ||||
| CVE-2015-3659 | 1 Apple | 3 Iphone Os, Mac Os X, Safari | 2025-04-12 | N/A |
| The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict access to SQL functions, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site. | ||||
| CVE-2015-3660 | 1 Apple | 1 Safari | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content. | ||||
| CVE-2015-3661 | 1 Apple | 2 Mac Os X, Quicktime | 2025-04-12 | N/A |
| QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability than CVE-2015-3662, CVE-2015-3663, CVE-2015-3666, CVE-2015-3667, and CVE-2015-3668. | ||||