Total: 11829 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2015-9108 | 1 Qualcomm | 18 Mdm9625, Mdm9625 Firmware, Sd 425 and 15 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function. |
| CVE-2015-8980 | 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more | 4 Fedora, Leap, Php-gettext and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The plural form formula in the ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. |
| CVE-2015-7559 | 2 Apache, Redhat | 3 Activemq, Jboss A-mq, Jboss Fuse | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW | It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. |
| CVE-2015-6497 | 2 Magento, Php | 2 Magento, Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. |
| CVE-2015-6461 | 1 Schneider-electric | 22 Bmxnoc0401, Bmxnoc0401 Firmware, Bmxnoe0100 and 19 more | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | Remote file inclusion allows an attacker to craft a specific URL referencing the Schneider Electric Modicon BMXNOC0401, BMXNOE0100, BMXNOE0110, BMXNOE0110H, BMXNOR0200H, BMXP342020, BMXP342020H, BMXP342030, BMXP3420302, BMXP3420302H, or BMXP342030H PLC web server, which, when launched, will result in the browser redirecting to a remote file via a JavaScript loaded with the web page. |
| CVE-2015-5674 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 before 10.2-RC2-p1, 10.2-RC1 before 10.2-RC1-p2, 10.2 before 10.2-BETA2-p3, and 10.1 before 10.1-RELEASE-p17 allows remote authenticated users to cause a denial of service (assertion failure and daemon exit) via a query from a network that is not directly connected. |
| CVE-2015-5606 | 1 Axway | 1 Vordel Xml Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Vordel XML Gateway (acquired by Axway) version 7.2.2 could allow remote attackers to cause a denial of service via a specially crafted request. |
| CVE-2015-5230 | 2 Debian, Powerdns | 2 Debian Linux, Authoritative | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. |
| CVE-2015-5159 | 1 Kdcproxy Project | 1 Kdcproxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | python-kdcproxy before 0.3.2 allows remote attackers to cause a denial of service via a large POST request. |
| CVE-2015-4664 | 2 Broadcom, Xceedium | 2 Privileged Access Manager, Xsuite | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands. |
| CVE-2015-4410 | 2 Fedoraproject, Moped Project | 2 Fedora, Moped | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Moped::BSON::ObjectId.legal? method in rubygem-moped before commit dd5a7c14b5d2e466f7875d079af71ad19774609b allows remote attackers to cause a denial of service (worker resource consumption) or perform a cross-site scripting (XSS) attack via a crafted string. |
| CVE-2015-3150 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.1 HIGH | abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. |
| CVE-2015-2923 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD through 10.1 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. |
| CVE-2015-2784 | 1 Papercrop Project | 1 Papercrop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The papercrop gem before 0.3.0 for Ruby on Rails does not properly handle crop input. |
| CVE-2015-2689 | 1 Torproject | 1 Tor | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly handle pending-connection resolve states during periods of high DNS load, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via crafted packets. |
| CVE-2015-2202 | 2 Arubanetworks, Hp | 2 Airwave, Airwave | 2024-11-21 | N/A | 7.2 HIGH | Aruba AirWave before 7.7.14.2 and 8.x before 8.0.7 allows administrative users to escalate privileges to root on the underlying OS. |
| CVE-2015-2186 | 1 Edx | 2 Configuration, Edx-platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | The Ansible edxapp role in the Configuration Repo in edX allows remote websites to spoof edX accounts by leveraging use of the string literal "False" instead of a boolean False for the CORS_ORIGIN_ALLOW_ALL setting. Note: this vulnerability was fixed on 2015-03-06, but the version number was not changed. |
| CVE-2015-2081 | 1 Datto | 16 Alto 2, Alto 2 Firmware, Alto 3 and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Datto ALTO and SIRIS devices allow Remote Code Execution via unauthenticated requests to PHP scripts. |
| CVE-2015-1855 | 3 Debian, Puppet, Ruby-lang | 5 Debian Linux, Puppet Agent, Puppet Enterprise and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x before 2.1.6, and 2.2.x before 2.2.2 does not properly validate hostnames, which allows remote attackers to spoof servers via vectors related to (1) multiple wildcards, (2) wildcards in IDNA names, (3) case sensitivity, and (4) non-ASCII characters. |
| CVE-2015-1607 | 2 Canonical, Gnupg | 2 Ubuntu Linux, Gnupg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and "memcpy with overlapping ranges." |
| CVE-2015-1525 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. |
| CVE-2015-1425 | 1 Jakweb | 1 Gecko Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | JAKWEB Gecko CMS has multiple input validation vulnerabilities. |
| CVE-2015-1326 | 1 Python-dbusmock Project | 1 Python-dbusmock | 2024-11-21 | 9.3 HIGH | 5.7 MEDIUM | In python-dbusmock before version 0.15.1, the AddTemplate() D-Bus method call or the DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file. |
| CVE-2014-9986 | 1 Qualcomm | 44 Msm8909w, Msm8909w Firmware, Sd 205 and 41 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A, in playready_licacq_process_response(), the 'cbResponse' value is controlled by HLOS, and there is no validation on this length. If 'cbResponse' is too large, a memory overread occurs. |
| CVE-2014-9390 | 6 Apple, Eclipse, Git-scm and 3 more | 8 Mac Os X, Xcode, Egit and 5 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; mine all versions before 08-12-2014; libgit2 all versions up to 0.21.2; Egit all versions before 08-12-2014; and JGit all versions before 08-12-2014 allow remote Git servers to execute arbitrary commands via a tree containing a crafted .git/config file with (1) an ignorable Unicode codepoint, (2) a g ... |
| CVE-2014-9186 | 1 Honeywell | 1 Experion Process Knowledge System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | A file inclusion vulnerability exists in the confd.exe module in Honeywell Experion PKS R40x before R400.6, R41x before R410.6, and R43x before R430.2, which could lead to accepting an arbitrary file into the function, and potential information disclosure or remote code execution. Honeywell strongly encourages and recommends all customers running unsupported versions of EPKS prior to R400 to upgrade to a supported version. |
| CVE-2014-9013 | 1 Wpmarketplace Project | 1 Wpmarketplace | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin 2.4.0 for WordPress allows remote authenticated users to create arbitrary users and gain admin privileges via a request to wpmp_pp_ajax_call with an execution target of wp_insert_user. |
| CVE-2014-8336 | 1 Wp-dbmanager Project | 1 Wp-dbmanager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | The "Sql Run Query" panel in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries, as demonstrated by use of LOAD_FILE in an INSERT statement. |
| CVE-2014-8179 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not properly validate and extract the manifest object from its JSON representation during a pull, which allows attackers to inject new attributes in a JSON object and bypass pull-by-digest validation. |
| CVE-2014-8178 | 2 Docker, Opensuse | 3 Cs Engine, Docker, Opensuse | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM | Docker Engine before 1.8.3 and CS Docker Engine before 1.6.2-CS7 do not use a globally unique identifier to store image layers, which makes it easier for attackers to poison the image cache via a crafted image in pull or push commands. |
| CVE-2014-8166 | 1 Cups | 1 Cups | 2024-11-21 | 5.1 MEDIUM | 8.8 HIGH | The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name. |
| CVE-2014-8126 | 1 Wisc | 1 Htcondor | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The scheduler in HTCondor before 8.2.6 allows remote authenticated users to execute arbitrary code. |
| CVE-2014-7224 | 1 Google | 1 Android | 2024-11-21 | 9.0 HIGH | 8.8 HIGH | A code execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. |
| CVE-2014-7222 | 1 Teamspeak | 1 Teamspeak3 | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote authenticated users to cause a denial of service (application crash) by connecting to a channel with a different client instance, and placing crafted data in the Chat/Server tab with two \\ (backslash) characters, a digit, a \ (backslash) character, and "z" in a series of nested img BBCODE tags. |
| CVE-2014-5468 | 1 Getrailo | 1 Railo | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | A file inclusion vulnerability exists in Railo 4.2.1 and earlier via a specially crafted URL request to thumbnail.cfm that specifies a malicious PNG file, which could let a remote malicious user obtain sensitive information or execute arbitrary code. |
| CVE-2014-5289 | 1 Senkas Kolibri Project | 1 Senkas Kolibri | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. |
| CVE-2014-5282 | 1 Docker | 1 Docker | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'. |
| CVE-2014-5170 | 1 Drupal | 1 Storage Api | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | The Storage API module 7.x before 7.x-1.6 for Drupal might allow remote attackers to execute arbitrary code by leveraging failure to update .htaccess file contents after SA-CORE-2013-003. |
| CVE-2014-5118 | 3 Fedoraproject, Redhat, Trusted Boot Project | 3 Fedora, Enterprise Linux, Trusted Boot | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | Trusted Boot (tboot) before 1.8.2 has a 'loader.c' security bypass vulnerability. |
| CVE-2014-5092 | 1 Status2k | 1 Status2k | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Status2k allows remote command execution in admin/options/editpl.php. |