Search Results (2330 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-6412 1 Cisco 2 Modular Encoding Platform D9036, Modular Encoding Platform D9036 Software 2025-04-12 N/A
Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.
CVE-2015-6424 1 Cisco 1 Application Policy Infrastructure Controller 2025-04-12 N/A
The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspecified vectors, aka Bug ID CSCuu83985.
CVE-2016-4028 1 Open-xchange 1 Ox Guard 2025-04-12 N/A
An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the encryption padding. In combination with AES-CBC, this allows attackers to guess the correct padding. Attackers may run brute-forcing attacks on the content of the guest authentication token and discover user credentials. For a practical attack vector, the guest users needs to have logged in, the content of the guest user's "OxReaderID" cookie and the value of the "auth" parameter needs to be known to the attacker.
CVE-2015-6427 1 Cisco 1 Firesight System Software 2025-04-12 N/A
Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka Bug ID CSCux53437.
CVE-2016-1927 1 Phpmyadmin 1 Phpmyadmin 2025-04-12 N/A
The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x before 4.5.4 relies on the Math.random JavaScript function, which makes it easier for remote attackers to guess passwords via a brute-force approach.
CVE-2014-0354 1 Zyxel 2 N300 Netusb Nbg-419n, N300 Netusb Nbg-419n Firmware 2025-04-12 N/A
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login access via an HTTP request.
CVE-2014-9793 1 Google 1 Android 2025-04-12 N/A
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
CVE-2016-0287 2 Ibm, Microsoft 2 I Access, Windows 2025-04-12 N/A
IBM i Access 7.1 on Windows allows local users to discover registry passwords via unspecified vectors.
CVE-2016-1965 4 Mozilla, Opensuse, Oracle and 1 more 4 Firefox, Opensuse, Linux and 1 more 2025-04-12 N/A
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
CVE-2015-0201 2 Pivotal Software, Vmware 2 Spring Framework, Spring Framework 2025-04-12 N/A
The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors.
CVE-2015-6846 1 Emc 1 Sourceone Email Supervisor 2025-04-12 N/A
EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations.
CVE-2015-7176 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via unknown vectors.
CVE-2015-7044 1 Apple 1 Mac Os X 2025-04-12 N/A
The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges.
CVE-2014-5420 1 Carefusion 1 Pyxis Supplystation 2025-04-12 N/A
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded application password, which makes it easier for remote authenticated users to obtain application-file access via unspecified vectors.
CVE-2015-7283 1 Zyxel 2 Nbg-418n, Nbg-418n Firmware 2025-04-12 N/A
The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.
CVE-2009-5149 1 Arris 4 Dg860a, Na Model 862 Gw Mono Firmware, Tg862a and 1 more 2025-04-12 N/A
Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 have predictable technician passwords, which makes it easier for remote attackers to obtain access via the web management interface, related to a "password of the day" issue.
CVE-2015-0924 1 Ceragon 3 Fiberair Ip-10c, Fiberair Ip-10e, Fiberair Ip-10g 2025-04-12 N/A
Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session.
CVE-2016-2110 3 Canonical, Redhat, Samba 8 Ubuntu Linux, Enterprise Linux, Rhel Aus and 5 more 2025-04-12 N/A
The NTLMSSP authentication implementation in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 allows man-in-the-middle attackers to perform protocol-downgrade attacks by modifying the client-server data stream to remove application-layer flags or encryption settings, as demonstrated by clearing the NTLMSSP_NEGOTIATE_SEAL or NTLMSSP_NEGOTIATE_SIGN option to disrupt LDAP security.
CVE-2015-7713 2 Openstack, Redhat 2 Nova, Openstack 2025-04-12 N/A
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made.
CVE-2015-1158 2 Cups, Redhat 2 Cups, Enterprise Linux 2025-04-12 N/A
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.