Search Results (26432 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-8832 1 Apple 1 Mac Os X 2025-04-12 N/A
The indexing functionality in Spotlight in Apple OS X before 10.10.2 writes memory contents to an external hard drive, which allows local users to obtain sensitive information by reading from this drive.
CVE-2014-9060 1 Moodle 1 Moodle 2025-04-12 N/A
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers to trigger the generation of arbitrary messages via a modified URL, related to mod/lti/locallib.php and mod/lti/return.php.
CVE-2015-4217 1 Cisco 3 Content Security Management Virtual Appliance, Email Security Virtual Appliance, Web Security Virtual Appliance 2025-04-12 N/A
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.
CVE-2015-4321 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to an internal interface but is also in the ASA routing table, which allows remote attackers to bypass uRPF validation via spoofed packets, aka Bug ID CSCuv60724.
CVE-2015-6418 1 Cisco 7 Rv016 Multi-wan Vpn Firmware, Rv042 Dual Wan Vpn Router Firmware, Rv042g Dual Gigabit Wan Vpn Firmware and 4 more 2025-04-12 N/A
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
CVE-2015-6419 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410.
CVE-2015-6428 1 Cisco 1 Dpq3925 8x4 Docsis 3.0 Wireless Residential Gateway With Embedded Digital Voice Adapter 2025-04-12 N/A
Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958.
CVE-2014-9354 1 Netapp 1 Oncommand Balance 2025-04-12 N/A
NetApp OnCommand Balance before 4.2P3 allows local users to obtain sensitive information via unspecified vectors related to cleartext storage.
CVE-2014-9371 1 Zohocorp 1 Manageengine Desktop Central 2025-04-12 N/A
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
CVE-2015-3726 1 Apple 1 Iphone Os 2025-04-12 N/A
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
CVE-2015-4503 1 Mozilla 1 Firefox 2025-04-12 N/A
The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application.
CVE-2016-3087 1 Apache 1 Struts 2025-04-12 N/A
Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when Dynamic Method Invocation is enabled, allow remote attackers to execute arbitrary code via vectors related to an ! (exclamation mark) operator to the REST Plugin.
CVE-2015-3876 1 Google 1 Android 2025-04-12 N/A
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file.
CVE-2014-0239 1 Samba 1 Samba 2025-04-12 N/A
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged response packet that triggers a communication loop, a related issue to CVE-1999-0103.
CVE-2015-4928 2 Apache, Ibm 2 Ambari, Infosphere Biginsights 2025-04-12 N/A
Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive information by reading password fields.
CVE-2015-1096 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
CVE-2015-1097 1 Apple 2 Iphone Os, Tvos 2025-04-12 N/A
IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app.
CVE-2015-1102 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via unspecified vectors.
CVE-2015-1105 1 Apple 3 Iphone Os, Mac Os X, Tvos 2025-04-12 N/A
The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows remote attackers to cause a denial of service via crafted packets.
CVE-2015-4945 1 Ibm 1 Maximo Anywhere 2025-04-12 N/A
Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a crafted application.