Total
1752 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0277 | 1 Picketlink | 1 Picketlink | 2024-11-21 | 6.0 MEDIUM | N/A |
| The Service Provider (SP) in PicketLink before 2.7.0 does not ensure that it is a member of an Audience element when an AudienceRestriction is specified, which allows remote attackers to log in to other users' accounts via a crafted SAML assertion. NOTE: this identifier has been SPLIT per ADT2 due to different vulnerability types. See CVE-2015-6254 for lack of validation for the Destination attribute in a Response element in a SAML assertion. | |||||
| CVE-2015-0180 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 5.5 MEDIUM | N/A |
| The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified vectors. | |||||
| CVE-2015-0150 | 1 Dlink | 2 Dir-815, Dir-815 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows remote attackers to bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2015-0141 | 1 Ibm | 1 Openpages Grc Platform | 2024-11-21 | 4.0 MEDIUM | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | |||||
| CVE-2015-0119 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-11-21 | 7.5 HIGH | N/A |
| FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. | |||||
| CVE-2015-0110 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal service types via vectors involving the executeServiceByName URL. | |||||
| CVE-2015-0104 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo Asset Management Essentials and 8 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-0008 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-11-21 | 8.3 HIGH | N/A |
| The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." | |||||
| CVE-2014-9961 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | |||||
| CVE-2014-9920 | 1 Mcafee | 1 Application Control | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unauthorized execution of binary vulnerability in McAfee (now Intel Security) McAfee Application Control (MAC) 6.0.0 before hotfix 9726, 6.0.1 before hotfix 9068, 6.1.0 before hotfix 692, 6.1.1 before hotfix 399, 6.1.2 before hotfix 426, and 6.1.3 before hotfix 357 and earlier allows attackers to create a malformed Windows binary that is considered non-executable and is not protected through the whitelisting protection feature via a specific set of circumstances. | |||||
| CVE-2014-9901 | 1 Google | 1 Android | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | |||||
| CVE-2014-9865 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. | |||||
| CVE-2014-9831 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| coders/wpg.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted wpg file. | |||||
| CVE-2014-9830 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| coders/sun.c in ImageMagick allows remote attackers to have unspecified impact via a corrupted sun file. | |||||
| CVE-2014-9828 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file. | |||||
| CVE-2014-9827 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| coders/xpm.c in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |||||
| CVE-2014-9798 | 1 Google | 1 Android | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | |||||
| CVE-2014-9773 | 2 Atheme, Opensuse | 3 Atheme, Leap, Opensuse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks. | |||||
| CVE-2014-9717 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH umount2 system calls without verifying that the MNT_LOCKED flag is unset, which allows local users to bypass intended access restrictions and navigate to filesystem locations beneath a mount by calling umount2 within a user namespace. | |||||
| CVE-2014-9648 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | N/A |
| components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205. | |||||