Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7330 | 1 Puppet | 1 Puppet Enterprise | 2024-02-28 | 6.5 MEDIUM | 8.8 HIGH |
| Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protection mechanism by leveraging the Puppet communications protocol. | |||||
| CVE-2016-1438 | 1 Cisco | 2 Asyncos, Email Security Appliance Firmware | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices allows remote attackers to bypass intended spam filtering via crafted executable content in a ZIP archive, aka Bug ID CSCuy39210. | |||||
| CVE-2015-8777 | 1 Gnu | 1 Glibc | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
| The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | |||||
| CVE-2015-5267 | 1 Moodle | 1 Moodle | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 relies on the PHP mt_rand function to implement the random_string and complex_random_string functions, which makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | |||||
| CVE-2015-5943 | 1 Apple | 1 Mac Os X | 2024-02-28 | 4.3 MEDIUM | N/A |
| SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. | |||||
| CVE-2016-0829 | 1 Google | 1 Android | 2024-02-28 | 5.0 MEDIUM | 7.5 HIGH |
| The BnGraphicBufferProducer::onTransact function in libs/gui/IGraphicBufferConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49H, and 6.x before 2016-03-01 does not initialize a certain output data structure, which allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, by triggering a QUEUE_BUFFER action, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26338109. | |||||
| CVE-2015-7863 | 1 Accelerite | 1 Radia Client Automation | 2024-02-28 | 5.0 MEDIUM | N/A |
| The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2016-3354 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-02-28 | 4.3 MEDIUM | 3.3 LOW |
| The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "GDI Information Disclosure Vulnerability." | |||||
| CVE-2016-6597 | 1 Sophos | 1 Mobile Control Eas Proxy | 2024-02-28 | 5.0 MEDIUM | 8.6 HIGH |
| Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus Traveler is enabled, allows remote attackers to access arbitrary web-resources from the backend mail system via a request for the resource, aka an Open Reverse Proxy vulnerability. | |||||
| CVE-2015-7554 | 1 Libtiff | 1 Libtiff | 2024-02-28 | 7.5 HIGH | 9.8 CRITICAL |
| The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field data in an extension tag in a TIFF image. | |||||
| CVE-2016-1140 | 1 Kddi | 2 Home Spot Cube, Home Spot Cube Firmware | 2024-02-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2015-5856 | 1 Apple | 1 Iphone Os | 2024-02-28 | 4.3 MEDIUM | N/A |
| The Application Store component in Apple iOS before 9 allows remote attackers to cause a denial of service to an enterprise-signed app via a crafted ITMS URL. | |||||
| CVE-2015-3996 | 1 Afnetworking Project | 1 Afnetworking | 2024-02-28 | 4.3 MEDIUM | N/A |
| The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2016-0240 | 1 Ibm | 1 Security Guardium Database Activity Monitor | 2024-02-28 | 4.3 MEDIUM | 3.7 LOW |
| IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | |||||
| CVE-2016-3287 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2024-02-28 | 2.1 LOW | 4.4 MEDIUM |
| Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass." | |||||
| CVE-2015-1298 | 1 Google | 1 Chrome | 2024-02-28 | 4.3 MEDIUM | N/A |
| The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled. | |||||
| CVE-2015-1674 | 1 Microsoft | 5 Windows 8, Windows 8.1, Windows Rt and 2 more | 2024-02-28 | 4.6 MEDIUM | N/A |
| The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability." | |||||
| CVE-2016-8502 | 1 Yandex | 1 Yandex Browser | 2024-02-28 | 5.0 MEDIUM | 7.3 HIGH |
| Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | |||||
| CVE-2015-3449 | 1 Sap | 1 Afaria | 2024-02-28 | 7.2 HIGH | N/A |
| The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file. | |||||
| CVE-2015-6997 | 1 Apple | 2 Iphone Os, Watchos | 2024-02-28 | 4.3 MEDIUM | N/A |
| The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | |||||