Export limit exceeded: 364872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26342 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26342 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-0043 1 Microsoft 4 Windows 10, Windows Server 2008, Windows Server 2012 and 1 more 2025-04-20 N/A
Active Directory Federation Services in Microsoft Windows 10 1607, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 Gold and R2, and Windows Server 2016 allows local users to obtain sensitive information via a crafted application, aka "Microsoft Active Directory Federation Services Information Disclosure Vulnerability."
CVE-2017-0033 1 Microsoft 2 Edge, Internet Explorer 2025-04-20 N/A
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.
CVE-2017-0027 1 Microsoft 3 Excel, Office Compatibility Pack, Sharepoint Server 2025-04-20 N/A
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
CVE-2015-0783 1 Novell 1 Zenworks Configuration Management 2025-04-20 N/A
The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable.
CVE-2016-9459 2 Nextcloud, Owncloud 2 Nextcloud Server, Owncloud 2025-04-20 N/A
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a log pollution vulnerability potentially leading to a local XSS. The download log functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the browser as an HTML document. Thus any injected data in the log would be executed.
CVE-2016-9414 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allow remote attackers to obtain sensitive information by leveraging missing directory listing protection in upload directories.
CVE-2016-9411 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 allows remote attackers to obtain the installation path via vectors involving sending mails.
CVE-2016-9410 1 Mybb 2 Merge System, Mybb 2025-04-20 N/A
MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before 1.8.7 might allow remote attackers to obtain sensitive database information via vectors involving templates.
CVE-2016-9395 1 Jasper Project 1 Jasper 2025-04-20 N/A
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2016-9394 2 Jasper Project, Redhat 2 Jasper, Enterprise Linux 2025-04-20 N/A
The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 allows remote attackers to cause a denial of service (assertion failure) via a crafted file.
CVE-2015-1027 1 Percona 2 Toolkit, Xtrabackup 2025-04-20 N/A
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HTTP downgrade attacks and Man In The Middle attacks in which the server response could be modified to allow the attacker to respond with modified command payload and have the client return additional running configuration information leading to an information disclosure of running configuration of MySQL.
CVE-2016-9384 1 Xen 1 Xen 2025-04-20 N/A
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
CVE-2016-9380 2 Citrix, Xen 2 Xenserver, Xen 2025-04-20 N/A
The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.
CVE-2016-9349 1 Advantech 1 Susiaccess 2025-04-20 N/A
An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
CVE-2016-9317 1 Libgd 1 Libgd 2025-04-20 N/A
The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.
CVE-2016-9314 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2025-04-20 N/A
Sensitive Information Disclosure in com.trend.iwss.gui.servlet.ConfigBackup in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allows authenticated, remote users with least privileges to backup the system configuration and download it onto their local machine. This backup file contains sensitive information like passwd/shadow files, RSA certificates, Private Keys and Default Passphrase, etc. This was resolved in Version 6.5 CP 1737.
CVE-2016-9278 1 Samsung 1 Exynos Fimg2d Driver 2025-04-20 N/A
The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736.
CVE-2016-9253 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2025-04-20 N/A
In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic patterns may cause a disruption of service for virtual servers configured to use the websocket profile.
CVE-2016-9263 1 Wordpress 1 Wordpress 2025-04-20 N/A
WordPress through 4.8.2, when domain-based flashmediaelement.swf sandboxing is not used, allows remote attackers to conduct cross-domain Flash injection (XSF) attacks by leveraging code contained within the wp-includes/js/mediaelement/flashmediaelement.swf file.
CVE-2016-9249 1 F5 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 7 more 2025-04-20 N/A
An undisclosed traffic pattern received by a BIG-IP Virtual Server with TCP Fast Open enabled may cause the Traffic Management Microkernel (TMM) to restart, resulting in a Denial-of-Service (DoS).