Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4262 1 Cisco 1 Unified Meetingplace Web Conferencing 2025-04-12 N/A
The password-change feature in Cisco Unified MeetingPlace Web Conferencing before 8.5(5) MR3 and 8.6 before 8.6(2) does not check the session ID or require entry of the current password, which allows remote attackers to reset arbitrary passwords via a crafted HTTP request, aka Bug ID CSCuu51839.
CVE-2015-4196 1 Cisco 1 Unified Communications Domain Manager 2025-04-12 N/A
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
CVE-2015-4112 1 Blackberry 1 Enterprise Server 2025-04-12 N/A
The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site, related to a "cross frame scripting" issue.
CVE-2015-3996 1 Afnetworking Project 1 Afnetworking 2025-04-12 N/A
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2015-3974 1 Easyio 2 Easyio-30p-sf, Easyio-30p-sf Firmware 2025-04-12 N/A
EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-3973 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2025-04-12 N/A
Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values.
CVE-2015-3972 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2025-04-12 N/A
The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2015-3968 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2025-04-12 N/A
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.
CVE-2015-3230 2 Fedoraproject, Redhat 2 389 Directory Server, Enterprise Linux 2025-04-12 N/A
389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified impact by requesting to use a disabled cipher.
CVE-2015-2362 1 Microsoft 4 Windows 8, Windows 8.1, Windows Server 2008 and 1 more 2025-04-12 N/A
Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."
CVE-2015-1950 1 Ibm 1 Powervc 2025-04-12 N/A
IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain PowerVC credentials and bypass intended access restrictions via unspecified Python code.
CVE-2015-1842 1 Redhat 2 Openstack, Openstack-installer 2025-04-12 N/A
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
CVE-2015-1796 2 Redhat, Shibboleth 4 Jboss Amq, Jboss Fuse, Identity Provider and 1 more 2025-04-12 N/A
The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) before 2.6.5 trust candidate X.509 credentials when no trusted names are available for the entityID, which allows remote attackers to impersonate an entity via a certificate issued by a shibmd:KeyAuthority trust anchor.
CVE-2015-1793 2 Openssl, Oracle 4 Openssl, Jd Edwards Enterpriseone Tools, Opus 10g Ethernet Switch Family and 1 more 2025-04-12 N/A
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
CVE-2015-1774 6 Apache, Canonical, Debian and 3 more 9 Openoffice, Ubuntu Linux, Debian Linux and 6 more 2025-04-12 N/A
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
CVE-2015-0201 2 Pivotal Software, Vmware 2 Spring Framework, Spring Framework 2025-04-12 N/A
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
CVE-2015-0127 1 Ibm 1 Leads 2025-04-12 N/A
IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted web site.
CVE-2015-0084 1 Microsoft 7 Windows 7, Windows 8, Windows 8.1 and 4 more 2025-04-12 N/A
The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability."
CVE-2014-9793 1 Google 1 Android 2025-04-12 N/A
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
CVE-2014-9736 1 Gehealthcare 1 Centricity Clinical Archive Audit Trail Repository 2025-04-12 N/A
GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password of initinit for the (1) SSL key manager and (2) server keystore; (3) keystore_password for the server truststore; and atna for the (4) primary storage database and (5) archive storage database, which has unspecified impact and attack vectors.