Export limit exceeded: 366299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366299 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3225 | 4 Debian, Opensuse, Rack Project and 1 more | 6 Debian Linux, Opensuse, Rack and 3 more | 2025-04-12 | N/A |
| lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.x and other products, allows remote attackers to cause a denial of service (SystemStackError) via a request with a large parameter depth. | ||||
| CVE-2015-3226 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2025-04-12 | N/A |
| Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a crafted Hash that is mishandled during JSON encoding. | ||||
| CVE-2015-3227 | 2 Opensuse, Rubyonrails | 2 Opensuse, Rails | 2025-04-12 | N/A |
| The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2.x before 4.2.2, when JDOM or REXML is enabled, allow remote attackers to cause a denial of service (SystemStackError) via a large XML document depth. | ||||
| CVE-2015-3228 | 1 Artifex | 1 Afpl Ghostscript | 2025-04-12 | N/A |
| Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file, as demonstrated by using the ps2pdf command, which triggers an out-of-bounds read or write. | ||||
| CVE-2015-3230 | 2 Fedoraproject, Redhat | 2 389 Directory Server, Enterprise Linux | 2025-04-12 | N/A |
| 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher. | ||||
| CVE-2015-3231 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | ||||
| CVE-2015-3232 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destinations parameter. | ||||
| CVE-2015-3233 | 1 Drupal | 1 Drupal | 2025-04-12 | N/A |
| Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | ||||
| CVE-2015-3234 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2025-04-12 | N/A |
| The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by the Verisign, LiveJournal, and StackExchange providers. | ||||
| CVE-2015-3235 | 2 Redhat, Theforeman | 3 Satellite, Satellite Capsule, Foreman | 2025-04-12 | N/A |
| Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit administrator users and change their passwords via unspecified vectors. | ||||
| CVE-2015-3236 | 1 Haxx | 2 Curl, Libcurl | 2025-04-12 | N/A |
| cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-3237 | 3 Haxx, Hp, Oracle | 5 Curl, Libcurl, System Management Homepage and 2 more | 2025-04-12 | N/A |
| The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. | ||||
| CVE-2015-3238 | 3 Linux-pam, Oracle, Redhat | 3 Linux-pam, Sparc-opl Service Processor, Enterprise Linux | 2025-04-12 | N/A |
| The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password. | ||||
| CVE-2015-3239 | 2 Libunwind Project, Redhat | 2 Libunwind, Openstack | 2025-04-12 | N/A |
| Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. | ||||
| CVE-2015-3240 | 2 Libreswan, Redhat | 2 Libreswan, Enterprise Linux | 2025-04-12 | N/A |
| The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero DH g^x value in a KE payload in a IKE packet. | ||||
| CVE-2015-3241 | 2 Openstack, Redhat | 2 Nova, Openstack | 2025-04-12 | N/A |
| OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of service (disk, network, and other resource consumption) by resizing and then deleting an instance. | ||||
| CVE-2015-3244 | 1 Redhat | 1 Jboss Enterprise Portal Platform | 2025-04-12 | N/A |
| The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID. | ||||
| CVE-2015-3247 | 2 Redhat, Spice Project | 6 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 3 more | 2025-04-12 | N/A |
| Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. | ||||
| CVE-2015-3246 | 1 Redhat | 2 Enterprise Linux, Libuser | 2025-04-12 | N/A |
| libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges. | ||||
| CVE-2015-3251 | 1 Apache | 1 Cloudstack | 2025-04-12 | N/A |
| Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API calls. | ||||