Export limit exceeded: 364947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364947 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364947 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-0247 4 Canonical, Debian, E2fsprogs Project and 1 more 4 Ubuntu Linux, Debian Linux, E2fsprogs and 1 more 2025-04-12 N/A
Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image.
CVE-2015-0248 5 Apache, Apple, Opensuse and 2 more 10 Subversion, Xcode, Opensuse and 7 more 2025-04-12 N/A
The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.
CVE-2015-0251 5 Apache, Apple, Opensuse and 2 more 10 Subversion, Xcode, Opensuse and 7 more 2025-04-12 N/A
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.
CVE-2015-0253 4 Apache, Apple, Oracle and 1 more 6 Http Server, Mac Os X, Mac Os X Server and 3 more 2025-04-12 N/A
The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.
CVE-2015-0254 3 Apache, Canonical, Redhat 5 Standard Taglibs, Ubuntu Linux, Enterprise Linux and 2 more 2025-04-12 N/A
Apache Standard Taglibs before 1.2.3 allows remote attackers to execute arbitrary code or conduct external XML entity (XXE) attacks via a crafted XSLT extension in a (1) <x:parse> or (2) <x:transform> JSTL XML tag.
CVE-2015-0252 4 Apache, Debian, Fedoraproject and 1 more 4 Xerces-c\+\+, Debian Linux, Fedora and 1 more 2025-04-12 N/A
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
CVE-2015-0257 1 Redhat 2 Enterprise Virtualization Manager, Rhev Manager 2025-04-12 N/A
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.
CVE-2015-0259 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.
CVE-2015-0260 2 Kallithea-scm, Rhodecode 2 Kallithea, Rhodecode Enterprise 2025-04-12 N/A
RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method.
CVE-2015-0263 2 Apache, Redhat 6 Camel, Jboss Amq, Jboss Bpms and 3 more 2025-04-12 N/A
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
CVE-2015-0264 2 Apache, Redhat 6 Camel, Jboss Amq, Jboss Bpms and 3 more 2025-04-12 N/A
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
CVE-2015-0265 1 Apache 1 Ranger 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header.
CVE-2015-0266 1 Apache 1 Ranger 2025-04-12 N/A
The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote authenticated users to bypass intended access restrictions via direct access to module URLs.
CVE-2015-0267 1 Redhat 2 Enterprise Linux, Kexec-tools 2025-04-12 N/A
The Red Hat module-setup.sh script for kexec-tools, as distributed in the kexec-tools before 2.0.7-19 packages in Red Hat Enterprise Linux, allows local users to write to arbitrary files via a symlink attack on a temporary file.
CVE-2015-0268 1 Xen 1 Xen 2025-04-12 N/A
The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (host crash) by writing an invalid value to the GICD.SGIR register.
CVE-2015-0271 1 Redhat 1 Openstack 2025-04-12 N/A
The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path.
CVE-2015-0272 5 Canonical, Gnome, Oracle and 2 more 10 Ubuntu Linux, Networkmanager, Linux and 7 more 2025-04-12 N/A
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2015-0274 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Enterprise Mrg 2025-04-12 N/A
The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access.
CVE-2015-0275 3 Linux, Oracle, Redhat 5 Linux Kernel, Linux, Enterprise Linux and 2 more 2025-04-12 N/A
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
CVE-2015-0277 2 Picketlink, Redhat 2 Picketlink, Jboss Enterprise Application Platform 2025-04-12 N/A
The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion.