Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-2140 |
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Published: August 26, 2015; 10:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2015-2139 |
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403. Published: August 26, 2015; 10:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-4173 |
Unquoted Windows search path vulnerability in the autorun value in Dell SonicWall NetExtender before 7.5.227 and 8.0.x before 8.0.238, as used in the SRA firmware before 7.5.1.2-40sv and 8.x before 8.0.0.3-23sv, allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. Published: August 26, 2015; 3:59:06 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2015-4037 |
The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. Published: August 26, 2015; 3:59:05 PM -0400 |
V3.x:(not available) V2.0: 1.9 LOW |
CVE-2015-3239 |
Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. Published: August 26, 2015; 3:59:04 PM -0400 |
V3.x:(not available) V2.0: 3.3 LOW |
CVE-2015-3221 |
OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) by adding an address pair that is rejected by the ipset tool. Published: August 26, 2015; 3:59:03 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-3158 |
The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in PicketLink before 2.8.0.Beta1 does not properly check role based authorization, which allows remote authenticated users to gain access to restricted application resources via a (1) direct request or (2) request through an SP initiated flow. Published: August 26, 2015; 3:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2013-7424 |
The getaddrinfo function in glibc before 2.15, when compiled with libidn and the AI_IDN flag is used, allows context-dependent attackers to cause a denial of service (invalid free) and possibly execute arbitrary code via unspecified vectors, as demonstrated by an internationalized domain name to ping6. Published: August 26, 2015; 3:59:00 PM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2015-5413 |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. Published: August 26, 2015; 2:59:05 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-5412 |
Cross-site request forgery (CSRF) vulnerability in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. Published: August 26, 2015; 2:59:04 PM -0400 |
V3.x:(not available) V2.0: 6.0 MEDIUM |
CVE-2015-5411 |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. Published: August 26, 2015; 2:59:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5410 |
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. Published: August 26, 2015; 2:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2015-5409 |
Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. Published: August 26, 2015; 2:59:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-6261 |
Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. Published: August 26, 2015; 10:59:00 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-5949 |
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. Published: August 25, 2015; 1:59:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5161 |
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters. Published: August 25, 2015; 1:59:03 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4020 |
RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900. Published: August 25, 2015; 1:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2012-2150 |
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Published: August 25, 2015; 1:59:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-6262 |
Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. Published: August 24, 2015; 9:59:10 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5786 |
Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. Published: August 24, 2015; 9:59:09 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |