Total: 1752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-1304 | 1 Google | 1 Chrome | 2024-11-21 | 7.5 HIGH | N/A |
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call. | |||||
CVE-2015-1253 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 7.5 HIGH | N/A |
core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | |||||
CVE-2015-1173 | 1 Unit4 | 1 Teta Web | 2024-11-21 | 7.5 HIGH | N/A |
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters." | |||||
CVE-2015-1151 | 1 Apple | 1 Os X Server | 2024-11-21 | 5.0 MEDIUM | N/A |
Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||||
CVE-2015-1115 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.4 MEDIUM | N/A |
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||||
CVE-2015-10057 | 1 Little-apps | 1 Little Software Stats | 2024-11-21 | 4.0 MEDIUM | 4.6 MEDIUM |
A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file inc/class.securelogin.php of the component Password Reset Handler. The manipulation leads to improper access controls. The complexity of an attack is rather high. The exploitation appears to be difficult. Upgrading to version 0.2 is able to address this issue. The identifier of the patch is 07ba8273a9311d1383f3686ac7cb32f20770ab1e. It is recommended to upgrade the affected component. The identifier VDB-218401 was assigned to this vulnerability. | |||||
CVE-2015-1000010 | 1 Simple-image-manipulator Project | 1 Simple-image-manipulator | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Remote file download in simple-image-manipulator v1.0 WordPress plugin | |||||
CVE-2015-1000009 | 1 Google-adsense-and-hotel-booking Project | 1 Google-adsense-and-hotel-booking | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Open proxy in WordPress plugin google-adsense-and-hotel-booking v1.05 | |||||
CVE-2015-0929 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2024-11-21 | 10.0 HIGH | N/A |
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. | |||||
CVE-2015-0926 | 1 Labtech Software | 1 Labtech | 2024-11-21 | 6.8 MEDIUM | N/A |
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | |||||
CVE-2015-0914 | 1 Kozos | 1 Easyctf | 2024-11-21 | 5.0 MEDIUM | N/A |
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. | |||||
CVE-2015-0840 | 2 Canonical, Debian | 2 Ubuntu Linux, Dpkg | 2024-11-21 | 4.3 MEDIUM | N/A |
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). | |||||
CVE-2015-0820 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2024-11-21 | 2.6 LOW | N/A |
Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sandbox protection mechanism or a Secure EcmaScript sandbox protection mechanism via a crafted web site. | |||||
CVE-2015-0755 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 6.8 MEDIUM | N/A |
The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. | |||||
CVE-2015-0694 | 1 Cisco | 7 Asr 9001, Asr 9006, Asr 9010 and 4 more | 2024-11-21 | 5.0 MEDIUM | N/A |
Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restrictions by using an address that was not supposed to have been allowed, aka Bug ID CSCur28806. | |||||
CVE-2015-0675 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-11-21 | 8.3 HIGH | N/A |
The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | |||||
CVE-2015-0667 | 1 Cisco | 2 Content Services Switch 11500, Content Services Switch 11500 Firmware | 2024-11-21 | 5.0 MEDIUM | N/A |
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. | |||||
CVE-2015-0660 | 1 Cisco | 1 Telepresence Server Software | 2024-11-21 | 7.2 HIGH | N/A |
Cisco Virtual TelePresence Server Software does not properly restrict use of the serial port, which allows local users to execute arbitrary OS commands as root by leveraging vSphere controller administrative privileges, aka Bug ID CSCus61123. | |||||
CVE-2015-0531 | 1 Emc | 1 Sourceone Email Management | 2024-11-21 | 5.0 MEDIUM | N/A |
EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||||
CVE-2015-0297 | 1 Redhat | 1 Jboss Operations Network | 2024-11-21 | 9.0 HIGH | N/A |
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. |