Search Results (414 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-6174 1 Ibm 1 Websphere Application Server 2025-04-12 N/A
IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site.
CVE-2015-6029 1 Hp 1 Arcsight Logger 2025-04-12 N/A
HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach.
CVE-2014-2224 1 Plogger 1 Plogger 2025-04-12 N/A
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions.
CVE-2015-2362 1 Microsoft 4 Windows 8, Windows 8.1, Windows Server 2008 and 1 more 2025-04-12 N/A
Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 does not properly initialize guest OS system data structures, which allows guest OS users to execute arbitrary code on the host OS by leveraging guest OS privileges, aka "Hyper-V System Data Structure Vulnerability."
CVE-2015-3729 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote attackers to conduct spoofing attacks via a crafted site.
CVE-2015-3756 1 Apple 1 Iphone Os 2025-04-12 N/A
The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust relationships by completing a dialog.
CVE-2015-3972 1 Janitza 5 Umg 508, Umg 509, Umg 511 and 2 more 2025-04-12 N/A
The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.
CVE-2015-3996 1 Afnetworking Project 1 Afnetworking 2025-04-12 N/A
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2015-7812 1 Xen 1 Xen 2025-04-12 N/A
The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface.
CVE-2015-7863 1 Accelerite 1 Radia Client Automation 2025-04-12 N/A
The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors.
CVE-2015-8338 1 Xen 1 Xen 2025-04-12 N/A
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors.
CVE-2016-0240 1 Ibm 1 Security Guardium Database Activity Monitor 2025-04-12 N/A
IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP.
CVE-2016-0266 1 Ibm 2 Aix, Vios 2025-04-12 N/A
IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the latest TLS version, which makes it easier for man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
CVE-2016-0353 1 Ibm 1 Security Privileged Identity Manager 2025-04-12 N/A
IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when Virtual Appliance is used, does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2016-0372 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2025-04-12 N/A
IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Team Concert 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5 do not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
CVE-2016-0824 1 Google 1 Android 2025-04-12 N/A
libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via crafted Bitstream data, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 25765591.
CVE-2016-0825 1 Google 1 Android 2025-04-12 N/A
The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039.
CVE-2016-0832 1 Google 1 Android 2025-04-12 N/A
Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25955042.
CVE-2016-1443 1 Cisco 1 Amp Threat Grid Appliance 2025-04-12 8.1 High
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample.
CVE-2016-1452 1 Cisco 2 Asr 5000, Asr 5000 Software 2025-04-12 N/A
Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.