Export limit exceeded: 366485 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366485 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-3971 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2025-04-12 | N/A |
| The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239. | ||||
| CVE-2015-3972 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2025-04-12 | N/A |
| The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack. | ||||
| CVE-2015-3973 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2025-04-12 | N/A |
| Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values. | ||||
| CVE-2015-3974 | 1 Easyio | 2 Easyio-30p-sf, Easyio-30p-sf Firmware | 2025-04-12 | N/A |
| EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Accutrol, Bar-Tech Automation, Infocon/EasyIO, Honeywell Automation India, Johnson Controls, SyxthSENSE, Transformative Wave Technologies, Tridium Asia Pacific, and Tridium Europe products, have a hardcoded password, which makes it easier for remote attackers to obtain access via unspecified vectors. | ||||
| CVE-2015-3977 | 1 Schneider-electric | 1 Imt25 Magnetic Flow Dtm | 2025-04-12 | N/A |
| Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HART reply. | ||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2025-04-12 | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | ||||
| CVE-2015-3979 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | ||||
| CVE-2015-3980 | 1 Sap | 1 Customer Relationship Management | 2025-04-12 | N/A |
| SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | ||||
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2025-04-12 | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | ||||
| CVE-2015-3982 | 1 Djangoproject | 1 Django | 2025-04-12 | N/A |
| The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key. | ||||
| CVE-2015-3983 | 2 Fedora, Redhat | 2 Pacemaker Configuration System, Enterprise Linux | 2025-04-12 | N/A |
| The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to different vulnerability types. | ||||
| CVE-2015-3986 | 1 Thecartpress | 1 Thecartpress Ecommerce Shopping Cart | 2025-04-12 | N/A |
| Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php. | ||||
| CVE-2015-3987 | 1 Mcafee | 1 Epo Deep Command | 2025-04-12 | N/A |
| Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway in McAfee ePO Deep Command 2.1 and 2.2 before HF 1058831 allow local users to gain privileges via unspecified vectors. | ||||
| CVE-2015-3988 | 3 Openstack, Oracle, Redhat | 3 Horizon, Solaris, Openstack | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. | ||||
| CVE-2015-3989 | 1 Concrete5 | 1 Concrete5 | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to private messages or other unspecified vectors. | ||||
| CVE-2015-3990 | 1 Sonicwall | 4 Analyzer, Global Management System, Uma Em5000 and 1 more | 2025-04-12 | N/A |
| The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2 SP4 allows remote authenticated users to execute arbitrary commands via vectors related to configuration. | ||||
| CVE-2015-3993 | 1 Actian | 1 Matrix | 2025-04-12 | N/A |
| Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | ||||
| CVE-2015-3996 | 1 Afnetworking Project | 1 Afnetworking | 2025-04-12 | N/A |
| The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | ||||
| CVE-2015-3999 | 1 Piriform | 1 Ccleaner | 2025-04-12 | N/A |
| Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. | ||||
| CVE-2015-4001 | 1 Linux | 1 Linux Kernel | 2025-04-12 | 7.5 High |
| Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. | ||||