Total
1270 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-0667 | 1 Cisco | 2 Content Services Switch 11500, Content Services Switch 11500 Firmware | 2024-02-04 | 5.0 MEDIUM | N/A |
The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted SSH packets, aka Bug ID CSCut14855. | |||||
CVE-2015-0297 | 1 Redhat | 1 Jboss Operations Network | 2024-02-04 | 9.0 HIGH | N/A |
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager. | |||||
CVE-2014-8827 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
LoginWindow in Apple OS X before 10.10.2 does not transition to the lock-screen state immediately upon being woken from sleep, which allows physically proximate attackers to obtain sensitive information by reading the screen. | |||||
CVE-2014-6627 | 1 Arubanetworks | 1 Clearpass | 2024-02-04 | 9.0 HIGH | N/A |
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342. | |||||
CVE-2015-0119 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-02-04 | 7.5 HIGH | N/A |
FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. | |||||
CVE-2014-9572 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 7.5 HIGH | N/A |
MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly restrict access to /*/install.php, which allows remote attackers to obtain database credentials via the install parameter with the value 4. | |||||
CVE-2014-1949 | 3 Canonical, Gtk, Linuxmint | 3 Ubuntu, Gtk\+, Linux Mint | 2024-02-04 | 7.2 HIGH | N/A |
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button. | |||||
CVE-2014-9388 | 1 Mantisbt | 1 Mantisbt | 2024-02-04 | 5.0 MEDIUM | N/A |
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter. | |||||
CVE-2014-8680 | 1 Isc | 1 Bind | 2024-02-04 | 5.4 MEDIUM | N/A |
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options. | |||||
CVE-2015-1115 | 1 Apple | 1 Iphone Os | 2024-02-04 | 4.4 MEDIUM | N/A |
The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||||
CVE-2015-2172 | 1 Dokuwiki | 1 Dokuwiki | 2024-02-04 | 6.5 MEDIUM | N/A |
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | |||||
CVE-2015-1631 | 1 Microsoft | 1 Exchange Server | 2024-02-04 | 5.0 MEDIUM | N/A |
Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | |||||
CVE-2015-0926 | 1 Labtech Software | 1 Labtech | 2024-02-04 | 6.8 MEDIUM | N/A |
Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | |||||
CVE-2015-0929 | 1 Servision | 2 Hvg400, Hvg Video Gateway Firmware | 2024-02-04 | 10.0 HIGH | N/A |
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response. | |||||
CVE-2015-1464 | 2 Bestpractical, Fedoraproject | 2 Request Tracker, Fedora | 2024-02-04 | 6.4 MEDIUM | N/A |
RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | |||||
CVE-2015-2559 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-02-04 | 3.5 LOW | N/A |
Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated users to reset the password of other accounts by leveraging an account with the same password hash as another account and a crafted password reset URL. | |||||
CVE-2015-1376 | 1 Pixabay Images Project | 1 Pixabay Images | 2024-02-04 | 4.0 MEDIUM | N/A |
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com. | |||||
CVE-2014-8833 | 1 Apple | 1 Mac Os X | 2024-02-04 | 2.1 LOW | N/A |
SpotlightIndex in Apple OS X before 10.10.2 does not properly perform deserialization during access to a permission cache, which allows local users to read search results associated with other users' protected files via a Spotlight query. | |||||
CVE-2014-9197 | 1 Schneider-electric | 5 Etg3000 Factorycast Hmi Gateway Firmware, Tsxetg3000, Tsxetg3010 and 2 more | 2024-02-04 | 7.8 HIGH | N/A |
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request. | |||||
CVE-2015-2792 | 1 Wpml | 1 Wpml | 2024-02-04 | 7.5 HIGH | N/A |
The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. |