Export limit exceeded: 10566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11494 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2841 | 1 Citrix | 1 Netscaler | 2025-04-12 | N/A |
| Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types. | ||||
| CVE-2015-2847 | 1 Honeywell | 1 Tuxedo Touch | 2025-04-12 | N/A |
| Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests from the client-server data stream. | ||||
| CVE-2015-3457 | 1 Magento | 1 Magento | 2025-04-12 | N/A |
| Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter. | ||||
| CVE-2015-3675 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the mod_hfs_apple module, which allows remote attackers to bypass HTTP authentication via a crafted URL. | ||||
| CVE-2015-3644 | 1 Stunnel | 1 Stunnel | 2025-04-12 | N/A |
| Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentication. | ||||
| CVE-2015-3650 | 1 Vmware | 3 Horizon View Client, Player, Workstation | 2025-04-12 | N/A |
| vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware Player 5.x and 6.x before 6.0.7 and 7.x before 7.1.1, and VMware Horizon Client 5.x local-mode before 5.4.2 on Windows does not provide a valid DACL pointer during the setup of the vprintproxy.exe process, which allows host OS users to gain host OS privileges by injecting a thread. | ||||
| CVE-2015-3671 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | ||||
| CVE-2015-3672 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which allows local users to obtain admin privileges via unspecified vectors. | ||||
| CVE-2015-3691 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer. | ||||
| CVE-2015-3692 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges. | ||||
| CVE-2015-3757 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. | ||||
| CVE-2015-3775 | 1 Apple | 1 Mac Os X | 2025-04-12 | N/A |
| Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to obtain admin privileges via unspecified vectors. | ||||
| CVE-2015-3806 | 1 Apple | 2 Iphone Os, Mac Os X | 2025-04-12 | N/A |
| Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection mechanism by appending code to a crafted executable file. | ||||
| CVE-2015-3833 | 1 Google | 1 Android | 2025-04-12 | N/A |
| The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603. | ||||
| CVE-2015-4502 | 1 Mozilla | 1 Firefox | 2025-04-12 | N/A |
| js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles certain receiver arguments, which allows remote attackers to bypass intended window access restrictions via a crafted web site. | ||||
| CVE-2015-4526 | 1 Emc | 1 Recoverpoint For Virtual Machines | 2025-04-12 | N/A |
| EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to obtain root-shell access by bypassing the Installation Manager Boxmgmt CLI interface. | ||||
| CVE-2015-4520 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. | ||||
| CVE-2015-5325 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2025-04-12 | N/A |
| Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass intended slave-to-master access restrictions by leveraging a JNLP slave. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-3665. | ||||
| CVE-2015-5372 | 1 Adnovum | 1 Nevisauth | 2025-04-12 | N/A |
| The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the certificate from the identity provider (IdP), which allows remote attackers to inject arbitrary SAML assertions via a crafted certificate. | ||||
| CVE-2015-5464 | 1 Gemalto | 3 Safenet Luna G5, Safenet Luna Pci-e, Safenet Luna Sa | 2025-04-12 | N/A |
| The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. | ||||