Total
10318 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-0683 | 1 Cisco | 1 Unified Communications Domain Manager | 2025-04-12 | N/A |
| Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | ||||
| CVE-2015-0758 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka Bug ID CSCus97452. | ||||
| CVE-2015-5864 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | ||||
| CVE-2015-0763 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | ||||
| CVE-2015-0764 | 1 Cisco | 1 Unified Meetingplace | 2025-04-12 | N/A |
| Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | ||||
| CVE-2015-0800 | 2 Google, Mozilla | 2 Android, Firefox | 2025-04-12 | N/A |
| The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808. | ||||
| CVE-2015-5863 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2025-04-12 | N/A |
| IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | ||||
| CVE-2015-0822 | 2 Mozilla, Redhat | 4 Firefox, Firefox Esr, Thunderbird and 1 more | 2025-04-12 | N/A |
| The Form Autocompletion feature in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code. | ||||
| CVE-2015-0844 | 2 Fedoraproject, Wesnoth | 2 Fedora, Battle For Wesnoth | 2025-04-12 | N/A |
| The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | ||||
| CVE-2015-0875 | 1 Okb.co.jp | 1 Smartphone Passbook | 2025-04-12 | N/A |
| The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file. | ||||
| CVE-2015-3981 | 1 Sap | 1 Netweaver Rfc Sdk | 2025-04-12 | N/A |
| SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | ||||
| CVE-2015-0922 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-04-12 | N/A |
| McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password. | ||||
| CVE-2015-0943 | 1 Basware | 1 Banking | 2025-04-12 | N/A |
| Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | ||||
| CVE-2015-0988 | 1 Omron | 1 Cx-programmer | 2025-04-12 | N/A |
| Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file. | ||||
| CVE-2015-0992 | 1 Inductiveautomation | 1 Ignition | 2025-04-12 | N/A |
| Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-0996 | 2 Aveva, Schneider-electric | 2 Aveva Edge, Wonderware Intouch 2014 | 2025-04-12 | N/A |
| Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project files and Project Configuration files, which makes it easier for local users to obtain sensitive information by discovering this password. | ||||
| CVE-2015-1000007 | 1 Wptf-image-gallery Project | 1 Wptf-image-gallery | 2025-04-12 | N/A |
| Remote file download vulnerability in wptf-image-gallery v1.03 | ||||
| CVE-2015-1000012 | 1 Mypixs Project | 1 Mypixs | 2025-04-12 | N/A |
| Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | ||||
| CVE-2015-1005 | 1 Ininet Solutions | 1 Scada Web Server | 2025-04-12 | N/A |
| IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | ||||
| CVE-2015-5860 | 1 Apple | 2 Iphone Os, Watchos | 2025-04-12 | N/A |
| The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafted web site. | ||||