Search Results (2329 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-3722 1 Apple 1 Iphone Os 2025-04-12 N/A
Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.
CVE-2016-1616 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The CustomButton::AcceleratorPressed function in ui/views/controls/button/custom_button.cc in Google Chrome before 48.0.2564.82 allows remote attackers to spoof URLs via vectors involving an unfocused custom button.
CVE-2016-5328 2 Apple, Vmware 2 Mac Os X, Tools 2025-04-12 N/A
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors.
CVE-2016-6531 1 Opendental 1 Opendental 2025-04-12 9.8 Critical
Open Dental 16.1 and earlier has a hardcoded MySQL root password, which allows remote attackers to obtain administrative access by leveraging access to intranet TCP port 3306. NOTE: the vendor disputes this issue, stating that the "vulnerability note ... is factually false ... there is indeed a default blank password, but it can be changed ... We recommend that users change it, each customer receives direction.
CVE-2014-7845 1 Moodle 1 Moodle 2025-04-12 N/A
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which allows remote attackers to obtain access via a brute-force attack.
CVE-2015-1278 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allows remote attackers to spoof URLs via a crafted document, as demonstrated by the alert_dialog.pdf document.
CVE-2015-1281 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.
CVE-2016-5306 1 Symantec 1 Endpoint Protection Manager 2025-04-12 N/A
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445.
CVE-2014-0920 1 Ibm 1 Spss Analytic Server 2025-04-12 N/A
IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs cleartext passwords, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVE-2014-4008 1 Sap 1 Web Services Tool 2025-04-12 N/A
SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
CVE-2015-1297 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
CVE-2015-3252 1 Apache 1 Cloudstack 2025-04-12 N/A
Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server.
CVE-2014-0890 1 Ibm 1 Sametime 2025-04-12 N/A
The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, 8.5.2.1, 9.0, and 9.0.0.1, when a certain com.ibm.collaboration.realtime.telephony.*.level setting is used, logs cleartext passwords during Audio/Video chat sessions, which allows local users to obtain sensitive information by reading a log file.
CVE-2014-5252 3 Canonical, Openstack, Redhat 3 Ubuntu Linux, Keystone, Openstack 2025-04-12 N/A
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the token expiration and retain access via a verification (1) GET or (2) HEAD request to v3/auth/tokens/.
CVE-2015-7554 2 Libtiff, Redhat 2 Libtiff, Enterprise Linux 2025-04-12 N/A
The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image.
CVE-2015-1842 1 Redhat 2 Openstack, Openstack-installer 2025-04-12 N/A
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 uses a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
CVE-2014-0645 1 Emc 4 Cloud Tiering Appliance, Cloud Tiering Appliance Software, File Management Appliance and 1 more 2025-04-12 N/A
EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File Management Appliance (FMA) 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack.
CVE-2016-1682 6 Canonical, Debian, Google and 3 more 10 Ubuntu Linux, Debian Linux, Chrome and 7 more 2025-04-12 N/A
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration.
CVE-2015-2874 2 Lacie, Seagate 7 Lac9000436u, Lac9000436u Firmware, Lac9000464u and 4 more 2025-04-12 N/A
Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
CVE-2016-5163 3 Google, Opensuse, Redhat 3 Chrome, Leap, Rhel Extras 2025-04-12 N/A
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android.