Export limit exceeded: 10109 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10109 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2005 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2025-04-12 | N/A |
| IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an unattended workstation. | ||||
| CVE-2015-2012 | 1 Ibm | 1 Websphere Mq | 2025-04-12 | N/A |
| The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore password, which allows local users to obtain sensitive information by reading this file. | ||||
| CVE-2015-2018 | 1 Ibm | 2 Integration Bus, Websphere Message Broker | 2025-04-12 | N/A |
| IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.7 do not ensure that the correct security profile is selected, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-2025 | 1 Ibm | 1 Websphere Extreme Scale | 2025-04-12 | N/A |
| IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | ||||
| CVE-2015-2044 | 1 Xen | 1 Xen | 2025-04-12 | N/A |
| The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involving an unsupported access size. | ||||
| CVE-2015-2045 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2025-04-12 | N/A |
| The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-2058 | 1 Jabberd2 | 1 Jabberd2 | 2025-04-12 | N/A |
| c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other unspecified impact via a crafted JID. | ||||
| CVE-2015-2711 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to obtain sensitive information by reading web-server Referer logs that contain private data in a URL, as demonstrated by a private path component. | ||||
| CVE-2015-2718 | 2 Mozilla, Opensuse | 2 Firefox, Opensuse | 2025-04-12 | N/A |
| The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IFRAME element referencing a different web site that is intended to read this data. | ||||
| CVE-2015-2742 | 3 Apple, Mozilla, Oracle | 3 Macos, Firefox, Solaris | 2025-04-12 | N/A |
| Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-reporting data stream. | ||||
| CVE-2015-2748 | 1 Websense | 4 Triton Ap Data, Triton Ap Email, Triton Ap Web and 1 more | 2025-04-12 | N/A |
| Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file. | ||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2025-04-12 | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | ||||
| CVE-2015-2771 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2025-04-12 | N/A |
| The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-2774 | 3 Erlang, Opensuse, Oracle | 3 Erlang\/otp, Opensuse, Solaris | 2025-04-12 | N/A |
| Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes when terminating connections, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE). | ||||
| CVE-2015-2804 | 1 Alcatel-lucent | 7 Omniswitch 6250, Omniswitch 6400, Omniswitch 6450 and 4 more | 2025-04-12 | N/A |
| The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifiers, which allows remote attackers to hijack arbitrary sessions via a brute force attack. | ||||
| CVE-2015-2809 | 1 Synology | 1 Diskstation Manager | 2025-04-12 | N/A |
| The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets to the Avahi component. | ||||
| CVE-2015-2817 | 1 Sap | 1 Netweaver | 2025-04-12 | N/A |
| The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | ||||
| CVE-2015-2855 | 1 Blue Coat | 8 Ssl Visibility Appliance Sv1800, Ssl Visibility Appliance Sv1800 Firmware, Ssl Visibility Appliance Sv2800 and 5 more | 2025-04-12 | N/A |
| The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session, a different vulnerability than CVE-2015-4138. | ||||
| CVE-2015-3373 | 1 Amazon Aws Project | 1 Amazon Aws | 2025-04-12 | N/A |
| The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backups via a crafted URL. | ||||
| CVE-2015-3391 | 1 Path Breadcrumbs Project | 1 Path Breadcrumbs | 2025-04-12 | N/A |
| The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. | ||||