Total
409 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-5501 | 1 Aegirproject | 1 Hostmaster | 2024-02-28 | 7.5 HIGH | N/A |
The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to write Apache vhost files for hosted sites in a multi-site environment. | |||||
CVE-2015-6762 | 1 Google | 1 Chrome | 2024-02-28 | 7.5 HIGH | N/A |
The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a font's URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect. | |||||
CVE-2016-2072 | 1 Citrix | 3 Netscaler, Netscaler Application Delivery Controller, Netscaler Gateway | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
The Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 11.x before 11.0 Build 64.34, 10.5 before 10.5 Build 59.13, 10.5.e before Build 59.1305.e, and 10.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
CVE-2016-0894 | 1 Emc | 1 Rsa Data Loss Prevention | 2024-02-28 | 6.5 MEDIUM | 6.3 MEDIUM |
EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote authenticated users to bypass intended object access restrictions via a modified parameter. | |||||
CVE-2016-2111 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2024-02-28 | 4.3 MEDIUM | 6.3 MEDIUM |
The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2, when a domain controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, a related issue to CVE-2015-0005. | |||||
CVE-2016-1443 | 1 Cisco | 1 Amp Threat Grid Appliance | 2024-02-28 | 6.8 MEDIUM | 8.1 HIGH |
The virtual network stack on Cisco AMP Threat Grid Appliance devices before 2.1.1 allows remote attackers to bypass a sandbox protection mechanism, and consequently obtain sensitive interprocess information or modify interprocess data, via a crafted malware sample. | |||||
CVE-2015-7713 | 1 Openstack | 1 Nova | 2024-02-28 | 5.0 MEDIUM | N/A |
OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made. | |||||
CVE-2015-2529 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2024-02-28 | 2.1 LOW | N/A |
The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." | |||||
CVE-2015-7576 | 1 Rubyonrails | 2 Rails, Ruby On Rails | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authentication.rb in the Basic Authentication implementation in Action Controller in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 does not use a constant-time algorithm for verifying credentials, which makes it easier for remote attackers to bypass authentication by measuring timing differences. | |||||
CVE-2015-4520 | 1 Mozilla | 2 Firefox, Firefox Esr | 2024-02-28 | 6.4 MEDIUM | N/A |
Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header. | |||||
CVE-2016-1696 | 5 Debian, Google, Opensuse and 2 more | 8 Debian Linux, Chrome, Leap and 5 more | 2024-02-28 | 6.8 MEDIUM | 8.8 HIGH |
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
CVE-2015-3751 | 1 Apple | 2 Iphone Os, Safari | 2024-02-28 | 5.0 MEDIUM | N/A |
WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mechanism by using a video control in conjunction with an IMG element within an OBJECT element. | |||||
CVE-2016-0790 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time algorithm to verify API tokens, which makes it easier for remote attackers to determine API tokens via a brute-force approach. | |||||
CVE-2016-1296 | 1 Cisco | 1 Web Security Appliance | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | |||||
CVE-2015-8914 | 1 Openstack | 1 Neutron | 2024-02-28 | 6.4 MEDIUM | 9.1 CRITICAL |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | |||||
CVE-2016-0825 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 5.3 MEDIUM |
The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 allows attackers to obtain sensitive TrustZone secure-storage information by leveraging kernel access, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 20860039. | |||||
CVE-2016-5162 | 2 Google, Opensuse | 2 Chrome, Leap | 2024-02-28 | 4.3 MEDIUM | 6.5 MEDIUM |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. | |||||
CVE-2016-5247 | 1 Lenovo | 23 Bios, Thinkcentre E93, Thinkcentre M6500t\/s and 20 more | 2024-02-28 | 7.2 HIGH | 7.8 HIGH |
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. | |||||
CVE-2015-7435 | 1 Ibm | 1 Tivoli Common Reporting | 2024-02-28 | 1.9 LOW | 2.5 LOW |
IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos Business Intelligence before 10.2.1.1 IF12 allows local users to bypass the Cognos Application Firewall (CAF) protection mechanism via leading whitespace in the BackURL field. | |||||
CVE-2016-4376 | 2 Broadcom, Hp | 2 Fabric Operating System, Storefabric B Series Switch | 2024-02-28 | 7.8 HIGH | 6.5 MEDIUM |
HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches allows remote attackers to obtain sensitive information via unspecified vectors. |