Total
9593 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-4209 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | N/A |
| Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and then sending a calendar request for each one, aka Bug ID CSCur23913. | ||||
| CVE-2015-4208 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | N/A |
| Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398. | ||||
| CVE-2015-4207 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | N/A |
| Cisco WebEx Meeting Center places a meeting's access number in a URL, which allows remote attackers to obtain sensitive information and bypass intended attendance restrictions by visiting a meeting-registration page, aka Bug ID CSCus62147. | ||||
| CVE-2015-4202 | 1 Cisco | 2 Ios, Ubr10000 Cable Modem Termination System | 2025-04-12 | N/A |
| Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems (CMTS) does not properly restrict access to the IP Detail Record (IPDR) service, which allows remote attackers to obtain potentially sensitive MAC address and network-utilization information via crafted IPDR packets, aka Bug ID CSCua39203. | ||||
| CVE-2015-4194 | 1 Cisco | 1 Webex Meeting Center | 2025-04-12 | N/A |
| The web-based administrative interface in Cisco WebEx Meeting Center provides different error messages for failed login attempts depending on whether the username exists or corresponds to a privileged account, which allows remote attackers to enumerate account names and obtain sensitive information via a series of requests, aka Bug ID CSCuf28861. | ||||
| CVE-2015-4171 | 3 Canonical, Debian, Strongswan | 4 Ubuntu Linux, Debian Linux, Strongswan and 1 more | 2025-04-12 | N/A |
| strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication restrictions until the entire authentication process is complete, which allows remote servers to obtain credentials by using a valid certificate and then reading the responses. | ||||
| CVE-2015-4214 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. | ||||
| CVE-2015-5853 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors. | ||||
| CVE-2015-4077 | 1 Fortinet | 1 Forticlient | 2025-04-12 | N/A |
| The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C ioctl call. | ||||
| CVE-2015-4069 | 1 Arcserve | 1 Arcserve Unified Data Protection | 2025-04-12 | N/A |
| The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 allows remote attackers to obtain sensitive credentials via a crafted SOAP request to the (1) getBackupPolicy or (2) getBackupPolicies method. | ||||
| CVE-2015-4053 | 2 Ceph, Redhat | 2 Ceph-deploy, Ceph Storage | 2025-04-12 | N/A |
| The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | ||||
| CVE-2015-3978 | 1 Sap | 1 Sybase Unwired Platform Online Data Proxy | 2025-04-12 | N/A |
| SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | ||||
| CVE-2015-3969 | 1 Janitza | 5 Umg 508, Umg 509, Umg 511 and 2 more | 2025-04-12 | N/A |
| Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. | ||||
| CVE-2015-3995 | 1 Sap | 1 Hana | 2025-04-12 | N/A |
| SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | ||||
| CVE-2015-3951 | 1 Rle | 2 Nova-wind Turbine Hmi, Nova-wind Turbine Hmi Firmware | 2025-04-12 | N/A |
| RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-3943 | 1 Advantech | 1 Webaccess | 2025-04-12 | N/A |
| Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about e-mail project accounts via unspecified vectors. | ||||
| CVE-2015-3923 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2025-04-12 | N/A |
| Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full path in the folder parameter to minibrowser.php. | ||||
| CVE-2015-3912 | 1 Huawei | 3 E355s Mobile Wifi, E355s Mobile Wifi Firmware, Webui | 2025-04-12 | N/A |
| Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sending unspecified commands. | ||||
| CVE-2015-3784 | 1 Apple | 6 Iphone Os, Iwork, Keynote and 3 more | 2025-04-12 | N/A |
| Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2015-3782 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | ||||