Total
409 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1267 | 1 Google | 1 Chrome | 2024-11-21 | 5.0 MEDIUM | N/A |
| Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. | |||||
| CVE-2015-1266 | 1 Google | 1 Chrome | 2024-11-21 | 5.0 MEDIUM | N/A |
| content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. | |||||
| CVE-2015-1158 | 1 Cups | 1 Cups | 2024-11-21 | 10.0 HIGH | N/A |
| The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. | |||||
| CVE-2015-1130 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | N/A |
| The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | |||||
| CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | |||||
| CVE-2015-0994 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 4.0 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | |||||
| CVE-2015-0993 | 1 Inductiveautomation | 1 Ignition | 2024-11-21 | 6.4 MEDIUM | N/A |
| Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2015-0943 | 1 Basware | 1 Banking | 2024-11-21 | 5.8 MEDIUM | N/A |
| Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | |||||
| CVE-2015-0832 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2024-11-21 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. | |||||
| CVE-2015-0746 | 1 Cisco | 1 Secure Access Control Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | |||||
| CVE-2015-0599 | 1 Cisco | 1 Unified Computing System | 2024-11-21 | 4.3 MEDIUM | N/A |
| The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | |||||
| CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2024-11-21 | 4.6 MEDIUM | 4.2 MEDIUM |
| Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | |||||
| CVE-2015-0201 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2024-11-21 | 5.0 MEDIUM | N/A |
| The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | |||||
| CVE-2015-0127 | 1 Ibm | 1 Leads | 2024-11-21 | 3.5 LOW | N/A |
| IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted web site. | |||||
| CVE-2015-0084 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2024-11-21 | 2.1 LOW | N/A |
| The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability." | |||||
| CVE-2015-0009 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-11-21 | 3.3 LOW | N/A |
| The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." | |||||
| CVE-2015-0005 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2008, Windows Server 2012 | 2024-11-21 | 4.3 MEDIUM | N/A |
| The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability." | |||||
| CVE-2014-9793 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567. | |||||
| CVE-2014-9635 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | |||||
| CVE-2014-9634 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | |||||