Total
94342 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3172 | 1 Eidogo | 1 Eidogo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input. | |||||
| CVE-2015-3154 | 1 Zend | 1 Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | |||||
| CVE-2015-3147 | 1 Redhat | 7 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
| daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | |||||
| CVE-2015-3006 | 1 Juniper | 3 Junos, Qfx3500, Qfx3600 | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. | |||||
| CVE-2015-2992 | 1 Apache | 1 Struts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2015-2981 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2015-2968 | 1 Line | 1 Line\@ | 2024-11-21 | N/A | 5.9 MEDIUM |
| LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | |||||
| CVE-2015-2923 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. | |||||
| CVE-2015-2796 | 1 Projectpier | 1 Projectpier | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ProjectPier-Core allow remote attackers to inject arbitrary web script or HTML via the search_for parameter to (1) search_by_tag.php, (2) search_contacts.php, or (3) search.php. | |||||
| CVE-2015-2793 | 2 Fedoraproject, Ikiwiki | 2 Fedora, Ikiwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi. | |||||
| CVE-2015-2329 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. | |||||
| CVE-2015-2326 | 3 Mariadb, Opensuse, Pcre | 3 Mariadb, Opensuse, Pcre | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by "((?+1)(\1))/". | |||||
| CVE-2015-2324 | 1 10web | 1 Photo Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2249 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Zimbra Collaboration before 8.6.0 patch5 has XSS. | |||||
| CVE-2015-2230 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. | |||||
| CVE-2015-2207 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. | |||||
| CVE-2015-2203 | 1 Evergreen-ils | 1 Evergreen | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users with STAFF_LOGIN permission to obtain sensitive settings history information by leveraging listing of open-ils.pcrud as a controller in the IDL. | |||||
| CVE-2015-2179 | 1 Xaviershay-dm-rails Porject | 1 Xaviershay-dm-rails | 2024-11-21 | N/A | 5.5 MEDIUM |
| The xaviershay-dm-rails gem 0.10.3.8 for Ruby allows local users to discover MySQL credentials by listing a process and its arguments. | |||||
| CVE-2015-2060 | 2 Cabextract Project, Linux | 2 Cabextract, Linux Kernel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash. | |||||
| CVE-2015-20109 | 1 Gnu | 1 Glibc | 2024-11-21 | N/A | 5.5 MEDIUM |
| end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue. | |||||