Search Results (Refine Search)
- Category (CWE): CWE-20 Improper Input Validation
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-6334 |
Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka Bug ID CSCuw01984. Published: October 15, 2015; 9:59:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-7838 |
ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors. Published: October 15, 2015; 4:59:08 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-6318 |
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 and X8.5.2 allows local users to write to arbitrary files via an unspecified symlink attack, aka Bug ID CSCuv11969. Published: October 12, 2015; 6:59:09 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-1047 |
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message. Published: October 12, 2015; 6:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1303 |
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. Published: October 11, 2015; 9:59:15 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-5235 |
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page. Published: October 09, 2015; 10:59:05 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5234 |
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks. Published: October 09, 2015; 10:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-1337 |
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response. Published: October 09, 2015; 10:59:00 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5883 |
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. Published: October 09, 2015; 1:59:19 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-5828 |
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site. Published: October 09, 2015; 1:59:02 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5780 |
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. Published: October 09, 2015; 1:59:01 AM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-6598 |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. Published: October 06, 2015; 1:59:18 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2015-7686 |
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthesis characters that can be associated with nested comments. NOTE: the default configuration in 1.908 mitigates this vulnerability but misparses certain realistic comments. Published: October 05, 2015; 9:59:33 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-4992 |
IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors. Published: October 05, 2015; 9:59:15 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 3.5 LOW |
CVE-2014-9751 |
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address. Published: October 05, 2015; 9:59:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2014-9750 |
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field. Published: October 05, 2015; 9:59:00 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-6602 |
libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. Published: October 01, 2015; 10:59:04 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-3876 |
libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file. Published: October 01, 2015; 10:59:02 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-3837 |
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603. Published: September 30, 2015; 8:59:21 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2015-7337 |
The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. Published: September 29, 2015; 3:59:07 PM -0400 |
V4.0:(not available) V3.x:(not available) V2.0: 6.8 MEDIUM |