Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3693 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
CVE-2015-4196 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
CVE-2015-4319 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authenticated users to reset arbitrary active-user passwords via unspecified vectors, aka Bug ID CSCuv12338.
CVE-2015-5178 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Wildfly Application Server 2025-04-12 N/A
The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web page that contains a (1) FRAME or (2) IFRAME element.
CVE-2015-5207 1 Apache 1 Cordova 2025-04-12 N/A
Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.
CVE-2015-5267 1 Moodle 1 Moodle 2025-04-12 N/A
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
CVE-2015-5303 2 Openstack, Redhat 2 Tripleo Heat Templates, Openstack-director 2025-04-12 N/A
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
CVE-2015-5331 1 Moodle 1 Moodle 2025-04-12 N/A
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.
CVE-2015-5833 1 Apple 1 Mac Os X 2025-04-12 N/A
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
CVE-2014-0920 1 Ibm 1 Spss Analytic Server 2025-04-12 N/A
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2015-5839 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
CVE-2015-5850 1 Apple 1 Iphone Os 2025-04-12 N/A
AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
CVE-2015-5856 1 Apple 1 Iphone Os 2025-04-12 N/A
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
CVE-2015-5857 1 Apple 1 Iphone Os 2025-04-12 N/A
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
CVE-2015-5900 1 Apple 1 Mac Os X 2025-04-12 N/A
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
CVE-2015-5904 1 Apple 1 Iphone Os 2025-04-12 N/A
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
CVE-2015-5905 1 Apple 1 Iphone Os 2025-04-12 N/A
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
CVE-2014-0694 1 Cisco 1 Cloud Portal 2025-04-12 N/A
Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from an arbitrary IAC installation by leveraging knowledge of this key, aka Bug IDs CSCui34764, CSCui34772, CSCui34776, CSCui34798, CSCui34800, CSCui34805, CSCui34809, CSCui34810, CSCui34813, CSCui34814, and CSCui34818.
CVE-2015-6424 1 Cisco 1 Application Policy Infrastructure Controller 2025-04-12 N/A
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
CVE-2015-6427 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.