Search Results (26302 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6409 1 Cisco 1 Jabber 2025-04-12 N/A
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
CVE-2016-0242 1 Ibm 1 Security Guardium 2025-04-12 N/A
IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message.
CVE-2014-2519 1 Emc 1 Recoverpoint Appliance 2025-04-12 N/A
The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 before 4.1.0.1 does not enable a firewall, which allows remote attackers to obtain potentially sensitive information about open ports, or cause a denial of service, by sending packets to many ports.
CVE-2015-1043 1 Vmware 3 Fusion, Player, Workstation 2025-04-12 N/A
The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a guest OS denial of service via unspecified vectors.
CVE-2014-0923 1 Ibm 2 Messagesight, Messagesight Jms Client 2025-04-12 N/A
IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote attackers to cause a denial of service (daemon restart) via crafted MQ Telemetry Transport (MQTT) authentication data.
CVE-2015-6410 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-reception and call-setup restrictions by spoofing a user, aka Bug ID CSCuu97283.
CVE-2015-6411 1 Cisco 1 Secure Firewall Management Center 2025-04-12 N/A
Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by reading an unspecified field, aka Bug ID CSCux37061.
CVE-2014-0633 1 Emc 1 Vplex Geosynchrony 2025-04-12 N/A
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.
CVE-2014-2523 3 Canonical, Linux, Redhat 6 Ubuntu Linux, Linux Kernel, Enterprise Linux and 3 more 2025-04-12 N/A
net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.
CVE-2014-0634 1 Emc 1 Vplex Geosynchrony 2025-04-12 N/A
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
CVE-2015-6428 1 Cisco 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 2025-04-12 N/A
Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.
CVE-2016-6305 1 Openssl 1 Openssl 2025-04-12 N/A
The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 before 1.1.0a allows remote attackers to cause a denial of service (infinite loop) by triggering a zero-length record in an SSL_peek call.
CVE-2016-2145 2 Fedoraproject, Uninett 2 Fedora, Mod Auth Mellon 2025-04-12 N/A
The am_read_post_data function in mod_auth_mellon before 0.11.1 does not check if the ap_get_client_block function returns an error, which allows remote attackers to cause a denial of service (segmentation fault and process crash) via a crafted POST data.
CVE-2014-3707 7 Apple, Canonical, Debian and 4 more 7 Mac Os X, Ubuntu Linux, Debian Linux and 4 more 2025-04-12 N/A
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information.
CVE-2015-1049 1 Siemens 10 Scalance X-200 Series Firmware, Scalance X201-3p Irt Pro, Scalance X201-3pirt and 7 more 2025-04-12 N/A
The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors.
CVE-2015-6426 1 Cisco 1 Prime Network Services Controller 2025-04-12 N/A
Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CSCus99427.
CVE-2015-6469 1 Ibc Solar 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ 2025-04-12 N/A
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors.
CVE-2015-6471 1 Eaton 1 Proview 2025-04-12 N/A
Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data.
CVE-2014-4362 1 Apple 1 Iphone Os 2025-04-12 N/A
The Sandbox Profiles implementation in Apple iOS before 8 does not properly restrict the third-party app sandbox profile, which allows attackers to obtain sensitive Apple ID information via a crafted app.
CVE-2015-6474 1 Ibc Solar 2 Danfoss Tlx Pro\+, Servemaster Tlp\+ 2025-04-12 N/A
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code.