Total: 5231 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-7317 | 2 Kupu Project, Plone | 2 Kupu, Plone | 2024-11-21 | 4.9 MEDIUM | 6.8 MEDIUM |
Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | |||||
CVE-2015-7274 | 1 Dell | 2 Integrated Remote Access Controller 6, Integrated Remote Access Controller Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. | |||||
CVE-2015-7266 | 1 Iab | 1 Open Real-time Bidding | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote attackers to conceal the status of ad transactions and potentially compromise bid integrity by leveraging failure to limit the time between bid responses and impression notifications, aka the Amnesia Bug. | |||||
CVE-2015-7260 | 1 Vertiv | 1 Liebert Multilink Automated Shutdown | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. | |||||
CVE-2015-7249 | 1 Zte | 2 Zxhn H108n R1a, Zxhn H108n R1a Firmware | 2024-11-21 | 6.8 MEDIUM | 4.9 MEDIUM |
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support account to change a password via a cgi-bin/webproc accountpsd action. | |||||
CVE-2015-7238 | 1 Mcafee | 1 Threat Intelligence Exchange | 2024-11-21 | 2.1 LOW | N/A |
The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | |||||
CVE-2015-7230 | 1 Workbench Email Project | 1 Workbench Email | 2024-11-21 | 3.5 LOW | N/A |
The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with certain permissions to bypass node and field validation by saving a node. | |||||
CVE-2015-7229 | 1 Twitter Project | 1 Twitter | 2024-11-21 | 3.5 LOW | N/A |
The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Drupal does not properly check access permissions, which allows remote authenticated users to post tweets to arbitrary accounts by leveraging the (1) "post to twitter" permission or change the options for arbitrary attached accounts by leveraging the (2) "add twitter accounts" or (3) "add authenticated twitter accounts" permission. | |||||
CVE-2015-7227 | 1 Fieldable Panels Panes Project | 1 Fieldable Panels Panes | 2024-11-21 | 3.5 LOW | N/A |
The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | |||||
CVE-2015-7223 | 3 Fedoraproject, Mozilla, Opensuse | 4 Fedora, Firefox, Leap and 1 more | 2024-11-21 | 4.0 MEDIUM | N/A |
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. | |||||
CVE-2015-7197 | 1 Mozilla | 1 Firefox | 2024-11-21 | 5.0 MEDIUM | N/A |
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. | |||||
CVE-2015-7071 | 1 Apple | 1 Mac Os X | 2024-11-21 | 10.0 HIGH | N/A |
The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. | |||||
CVE-2015-7063 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | N/A |
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. | |||||
CVE-2015-7062 | 1 Apple | 2 Iphone Os, Mac Os X | 2024-11-21 | 4.6 MEDIUM | N/A |
Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. | |||||
CVE-2015-7052 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | N/A |
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. | |||||
CVE-2015-7051 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | 9.3 HIGH | N/A |
MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||||
CVE-2015-7031 | 1 Apple | 1 Mac Os X Server | 2024-11-21 | 5.0 MEDIUM | N/A |
The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||||
CVE-2015-7016 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.6 HIGH | N/A |
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app. | |||||
CVE-2015-7003 | 1 Apple | 1 Mac Os X | 2024-11-21 | 6.8 MEDIUM | N/A |
coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. | |||||
CVE-2015-7001 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2024-11-21 | 6.8 MEDIUM | N/A |
AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app. |