Export limit exceeded: 26332 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26332 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3780 1 Apple 1 Mac Os X 2025-04-12 N/A
The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
CVE-2015-3778 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic.
CVE-2015-3752 2 Apple, Canonical 3 Iphone Os, Safari, Ubuntu Linux 2025-04-12 N/A
The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict cookie transmission for report requests, which allows remote attackers to obtain sensitive information via vectors involving (1) a cross-origin request or (2) a private-browsing request.
CVE-2015-3721 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
CVE-2015-3455 4 Fedoraproject, Oracle, Redhat and 1 more 5 Fedora, Linux, Solaris and 2 more 2025-04-12 N/A
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
CVE-2015-3182 2 Redhat, Wireshark 2 Enterprise Linux, Wireshark 2025-04-12 N/A
epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
CVE-2015-3184 3 Apache, Apple, Redhat 4 Http Server, Subversion, Xcode and 1 more 2025-04-12 N/A
mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.
CVE-2015-3187 3 Apache, Apple, Redhat 3 Subversion, Xcode, Enterprise Linux 2025-04-12 N/A
The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.
CVE-2015-4053 2 Ceph, Redhat 2 Ceph-deploy, Ceph Storage 2025-04-12 N/A
The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file.
CVE-2015-3193 3 Canonical, Nodejs, Openssl 3 Ubuntu Linux, Node.js, Openssl 2025-04-12 7.5 High
The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and produces incorrect output, which makes it easier for remote attackers to obtain sensitive private-key information via an attack against use of a (1) Diffie-Hellman (DH) or (2) Diffie-Hellman Ephemeral (DHE) ciphersuite.
CVE-2015-4111 1 Blackberry 1 Blackberry Link 2025-04-12 N/A
mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file.
CVE-2015-3411 2 Php, Redhat 9 Php, Enterprise Linux, Enterprise Linux Desktop and 6 more 2025-04-12 N/A
PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls (1) a DOMDocument load method, (2) the xmlwriter_open_uri function, (3) the finfo_file function, or (4) the hash_hmac_file function, as demonstrated by a filename\0.xml attack that bypasses an intended configuration in which client users may read only .xml files.
CVE-2015-3407 2 Canonical, Module-signature Project 2 Ubuntu Linux, Module-signature 2025-04-12 N/A
Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files.
CVE-2015-3201 1 Redhat 2 Rhel Software Collections, Thermostat 2025-04-12 N/A
Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file.
CVE-2015-3202 2 Debian, Fuse Project 2 Debian Linux, Fuse 2025-04-12 N/A
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
CVE-2015-4144 2 Opensuse, W1.fi 3 Opensuse, Hostapd, Wpa Supplicant 2025-04-12 N/A
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
CVE-2015-3323 1 Lenovo 6 Thinkserver Rd350, Thinkserver Rd450, Thinkserver Rd550 and 3 more 2025-04-12 N/A
The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication.
CVE-2015-4194 1 Cisco 1 Webex Meeting Center 2025-04-12 N/A
The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861.
CVE-2015-4996 1 Ibm 1 Rational Clearquest 2025-04-12 N/A
IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors.
CVE-2015-4320 1 Cisco 1 Telepresence Video Communication Server Software 2025-04-12 N/A
The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340.