Export limit exceeded: 10347 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10182 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4219 | 1 Cisco | 2 Identity Services Engine Software, Secure Access Control System | 2025-04-12 | N/A |
| Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before 5.5(0.46) and Cisco Identity Services Engine 1.0(4.573) do not properly implement access control for support bundles, which allows remote authenticated users to obtain sensitive information via brute-force attempts to send valid credentials, aka Bug IDs CSCue00833 and CSCub40331. | ||||
| CVE-2015-4229 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| The web framework in Cisco Unified Communications Domain Manager 8.1(4)ER1 allows remote attackers to obtain sensitive information by visiting a bvsmweb URL, aka Bug ID CSCuq22589. | ||||
| CVE-2015-4263 | 1 Cisco | 1 Mobility Services Engine | 2025-04-12 | N/A |
| The Control and Provisioning functionality in Cisco Mobility Services Engine (MSE) 10.0(0.1) allows remote authenticated users to obtain sensitive information by reading log files, aka Bug ID CSCut36851. | ||||
| CVE-2015-4295 | 1 Cisco | 1 Unified Communications Manager | 2025-04-12 | N/A |
| The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecified URL, aka Bug ID CSCuv21819. | ||||
| CVE-2015-4308 | 1 Cisco | 1 Edge Bluebird Operating System | 2025-04-12 | N/A |
| The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka Bug ID CSCuu43968. | ||||
| CVE-2015-4314 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | N/A |
| The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the snapshot file, aka Bug ID CSCuv40422. | ||||
| CVE-2015-4320 | 1 Cisco | 1 Telepresence Video Communication Server Software | 2025-04-12 | N/A |
| The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340. | ||||
| CVE-2015-4334 | 1 Symantec | 1 Proxysg Firmware | 2025-04-12 | N/A |
| The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when used in an explicit proxy deployment, which makes it easier for remote attackers to obtain sensitive information via a 407 (aka Proxy Authentication Required) HTTP status code, as demonstrated when using NTLM authentication. | ||||
| CVE-2015-4345 | 1 Restful Web Services Project | 1 Restful Web Services | 2025-04-12 | N/A |
| The RESTWS Basic Auth submodule in the RESTful Web Services module 7.x-1.x before 7.x-1.5 and 7.x-2.x before 7.x-2.3 for Drupal caches pages for authenticated requests, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-4375 | 1 Chaos Tool Suite Project | 1 Ctools | 2025-04-12 | N/A |
| The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access query tag or (2) leveraging knowledge of the ID of an entity. | ||||
| CVE-2015-4395 | 1 Hybridauth Social Login Project | 1 Hybridauth Social Login | 2025-04-12 | N/A |
| The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal stores passwords in plaintext when the "Ask user for a password when registering" option is enabled, which allows remote authenticated users with certain permissions to obtain sensitive information by leveraging access to the database. | ||||
| CVE-2015-4543 | 1 Emc | 1 Rsa Archer Grc | 2025-04-12 | N/A |
| EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database fields. | ||||
| CVE-2015-4449 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092. | ||||
| CVE-2015-4450 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2014-8450, CVE-2015-4449, CVE-2015-5088, CVE-2015-5089, and CVE-2015-5092. | ||||
| CVE-2015-4478 | 4 Canonical, Mozilla, Opensuse and 1 more | 4 Ubuntu Linux, Firefox, Opensuse and 1 more | 2025-04-12 | N/A |
| Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin Policy via the reviver parameter to the JSON.parse method. | ||||
| CVE-2015-4494 | 1 Mozilla | 1 Firefox Os | 2025-04-12 | N/A |
| Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. | ||||
| CVE-2015-4503 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows remote TCP servers to obtain sensitive information from process memory by reading packet data, as demonstrated by availability of this API in a Firefox OS application. | ||||
| CVE-2015-4504 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and application crash) via crafted attributes in the ICC 4 profile of an image. | ||||
| CVE-2015-4512 | 2 Linux, Mozilla | 2 Linux Kernel, Firefox | 2025-04-12 | N/A |
| gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface display, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) by using a CANVAS element to trigger 2D rendering. | ||||
| CVE-2015-4515 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM request and reads the Workstation field of an NTLM type 3 message. | ||||