Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1469 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2024-11-21 | 9.0 HIGH | N/A |
| time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930. | |||||
| CVE-2015-1460 | 1 Huawei | 10 Quidway Firmware, Quidway S2350, Quidway S2750 and 7 more | 2024-11-21 | 7.5 HIGH | N/A |
| Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. | |||||
| CVE-2015-1458 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 6.9 MEDIUM | N/A |
| Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | |||||
| CVE-2015-1448 | 1 Siemens | 5 Ruggedcom Firmware, Ruggedcom Win5100, Ruggedcom Win5200 and 2 more | 2024-11-21 | 10.0 HIGH | N/A |
| The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors. | |||||
| CVE-2015-1416 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file. | |||||
| CVE-2015-1378 | 1 Grml | 1 Grml-debootstrap | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users. | |||||
| CVE-2015-1375 | 1 Pixabay Images Project | 1 Pixabay Images | 2024-11-21 | 7.5 HIGH | N/A |
| pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. | |||||
| CVE-2015-1356 | 1 Siemens | 1 Simatic Step 7 | 2024-11-21 | 4.4 MEDIUM | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | |||||
| CVE-2015-1344 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | N/A |
| The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. | |||||
| CVE-2015-1342 | 1 Canonical | 2 Lxcfs, Ubuntu Linux | 2024-11-21 | 4.6 MEDIUM | N/A |
| LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||||
| CVE-2015-1341 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.4 HIGH |
| Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | |||||
| CVE-2015-1328 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. | |||||
| CVE-2015-1327 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 4.3 MEDIUM | 3.9 LOW |
| Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. | |||||
| CVE-2015-1324 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17.9 as packaged in Ubuntu 12.04 LTS allow local users to write to arbitrary files and gain root privileges by leveraging incorrect handling of permissions when generating core dumps for setuid binaries. | |||||
| CVE-2015-1318 | 1 Apport Project | 1 Apport | 2024-11-21 | 7.2 HIGH | N/A |
| The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | |||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2024-11-21 | 7.5 HIGH | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2015-1305 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows Xp | 2024-11-21 | 6.9 MEDIUM | N/A |
| McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | |||||
| CVE-2015-1293 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
| The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||||
| CVE-2015-1292 | 1 Google | 1 Chrome | 2024-11-21 | 5.0 MEDIUM | N/A |
| The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker. | |||||
| CVE-2015-1291 | 1 Google | 1 Chrome | 2024-11-21 | 6.4 MEDIUM | N/A |
| The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements. | |||||