Export limit exceeded: 361611 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8705 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-0875 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2025-04-12 | 7.5 High |
| Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote attackers to read configuration and log files via a crafted URL. | ||||
| CVE-2016-9566 | 2 Nagios, Redhat | 3 Nagios, Openstack, Storage | 2025-04-12 | N/A |
| base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. | ||||
| CVE-2015-6566 | 2 Fedoraproject, Zarafa | 2 Fedora, Zarafa Collaboration Platform | 2025-04-12 | N/A |
| zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | ||||
| CVE-2013-4116 | 1 Node Packaged Modules Project | 1 Node Packaged Modules | 2025-04-12 | N/A |
| lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names that are created when unpacking archives. | ||||
| CVE-2014-3209 | 1 Nlnetlabs | 1 Ldns | 2025-04-12 | N/A |
| The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. | ||||
| CVE-2015-5254 | 3 Apache, Fedoraproject, Redhat | 5 Activemq, Fedora, Jboss Amq and 2 more | 2025-04-12 | N/A |
| Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object. | ||||
| CVE-2016-0879 | 1 Moxa | 2 Edr-g903, Edr-g903 Firmware | 2025-04-12 | 7.5 High |
| Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies of configuration and log files after completing the import function, which allows remote attackers to obtain sensitive information by requesting these files at an unspecified URL. | ||||
| CVE-2015-8103 | 2 Jenkins, Redhat | 3 Jenkins, Openshift, Openshift Container Platform | 2025-04-12 | 9.8 Critical |
| The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before 1.625.2 allows remote attackers to execute arbitrary code via a crafted serialized Java object, related to a problematic webapps/ROOT/WEB-INF/lib/commons-collections-*.jar file and the "Groovy variant in 'ysoserial'". | ||||
| CVE-2015-1807 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts. | ||||
| CVE-2016-3096 | 2 Fedoraproject, Redhat | 2 Fedora, Ansible | 2025-04-12 | N/A |
| The create_script function in the lxc_container module in Ansible before 1.9.6-1 and 2.x before 2.0.2.0 allows local users to write to arbitrary files or gain privileges via a symlink attack on (1) /opt/.lxc-attach-script, (2) the archived container in the archive_path directory, or the (3) lxc-attach-script.log or (4) lxc-attach-script.err files in the temporary directory. | ||||
| CVE-2011-3153 | 2 Canonical, Robert Ancell | 2 Ubuntu Linux, Lightdm | 2025-04-12 | N/A |
| dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows local users to read arbitrary files via a symlink attack on ~/.dmrc. | ||||
| CVE-2014-7816 | 2 Microsoft, Redhat | 2 Windows, Undertow | 2025-04-12 | N/A |
| Directory traversal vulnerability in JBoss Undertow 1.0.x before 1.0.17, 1.1.x before 1.1.0.CR5, and 1.2.x before 1.2.0.Beta3, when running on Windows, allows remote attackers to read arbitrary files via a .. (dot dot) in a resource URI. | ||||
| CVE-2011-3154 | 1 Canonical | 2 Ubuntu Linux, Update-manager | 2025-04-12 | N/A |
| DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file content for a user via a symlink attack on the temporary file. | ||||
| CVE-2014-0035 | 2 Apache, Redhat | 7 Cxf, Jboss Amq, Jboss Bpms and 4 more | 2025-04-12 | N/A |
| The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before 2.7.10, when EncryptBeforeSigning is enabled and the UsernameToken policy is set to an EncryptedSupportingToken, transmits the UsernameToken in cleartext, which allows remote attackers to obtain sensitive information by sniffing the network. | ||||
| CVE-2014-0040 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| OpenStack Heat Templates (heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 4.0, uses an HTTP connection to download (1) packages and (2) signing keys from Yum repositories, which allows man-in-the-middle attackers to prevent updates via unspecified vectors. | ||||
| CVE-2016-1000031 | 1 Apache | 1 Commons Fileupload | 2025-04-12 | N/A |
| Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution | ||||
| CVE-2015-0271 | 1 Redhat | 1 Openstack | 2025-04-12 | N/A |
| The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. | ||||
| CVE-2014-7231 | 2 Openstack, Redhat | 4 Cinder, Nova, Trove and 1 more | 2025-04-12 | N/A |
| The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log. | ||||
| CVE-2023-21771 | 1 Microsoft | 3 Windows 10, Windows 11, Windows Server 2022 | 2025-04-12 | 7 High |
| Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability | ||||
| CVE-2025-0273 | 1 Hcltechsw | 2 Hcl Devops Deploy, Hcl Launch | 2025-04-11 | 5.5 Medium |
| HCL DevOps Deploy / HCL Launch stores potentially sensitive authentication token information in log files that could be read by a local user. | ||||