Search Results (2199 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-2398 1 Comcast 1 Xfinity Home Security System 2025-04-12 N/A
Comcast XFINITY Home Security System does not properly maintain base-station communication, which allows physically proximate attackers to defeat sensor functionality by interfering with ZigBee 2.4 GHz transmissions.
CVE-2015-5267 1 Moodle 1 Moodle 2025-04-12 N/A
lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
CVE-2015-5303 2 Openstack, Redhat 2 Tripleo Heat Templates, Openstack-director 2025-04-12 N/A
The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the default value of the NeutronMetadataProxySharedSecret parameter.
CVE-2015-5306 2 Openstack, Redhat 3 Ironic Inspector, Openstack, Openstack-director 2025-04-12 N/A
OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by triggering an error.
CVE-2015-5331 1 Moodle 1 Moodle 2025-04-12 N/A
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API.
CVE-2015-5759 1 Apple 1 Iphone Os 2025-04-12 N/A
WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events.
CVE-2015-5833 1 Apple 1 Mac Os X 2025-04-12 N/A
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
CVE-2015-5839 1 Apple 3 Iphone Os, Mac Os X, Watchos 2025-04-12 N/A
dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file.
CVE-2015-5850 1 Apple 1 Iphone Os 2025-04-12 N/A
AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup.
CVE-2015-5856 1 Apple 1 Iphone Os 2025-04-12 N/A
The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL.
CVE-2015-5857 1 Apple 1 Iphone Os 2025-04-12 N/A
Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors.
CVE-2015-5900 1 Apple 1 Mac Os X 2025-04-12 N/A
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
CVE-2015-5904 1 Apple 1 Iphone Os 2025-04-12 N/A
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site.
CVE-2015-5905 1 Apple 1 Iphone Os 2025-04-12 N/A
Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site.
CVE-2015-5943 1 Apple 1 Mac Os X 2025-04-12 N/A
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.
CVE-2015-6316 1 Cisco 1 Mobility Services Engine 2025-04-12 N/A
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
CVE-2015-6336 1 Cisco 5 Aironet 1830e, Aironet 1830i, Aironet 1850e and 2 more 2025-04-12 N/A
Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vectors, aka Bug ID CSCuw58062.
CVE-2015-6412 1 Cisco 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software 2025-04-12 N/A
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.
CVE-2015-6424 1 Cisco 1 Application Policy Infrastructure Controller 2025-04-12 N/A
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
CVE-2015-6427 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.