Search Results (Refine Search)
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9228 |
sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. Published: September 20, 2015; 4:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-9227 |
Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. Published: September 20, 2015; 4:59:00 PM -0400 |
V3.x:(not available) V2.0: 4.4 MEDIUM |
CVE-2015-5637 |
The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Published: September 20, 2015; 1:59:05 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5636 |
The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Published: September 20, 2015; 1:59:04 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5635 |
The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Published: September 20, 2015; 1:59:03 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5634 |
The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Published: September 20, 2015; 1:59:02 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5633 |
The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. Published: September 20, 2015; 1:59:01 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-5632 |
The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors. Published: September 20, 2015; 1:59:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-6301 |
The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. Published: September 20, 2015; 10:59:06 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-6300 |
Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. Published: September 20, 2015; 10:59:05 AM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-6299 |
SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug ID CSCuv63824. Published: September 20, 2015; 10:59:04 AM -0400 |
V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2015-6295 |
Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. Published: September 20, 2015; 10:59:03 AM -0400 |
V3.x:(not available) V2.0: 4.8 MEDIUM |
CVE-2015-6284 |
Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows remote attackers to cause a denial of service (device crash) via a crafted URL, aka Bug ID CSCuu28277. Published: September 20, 2015; 10:59:02 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2015-5638 |
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. Published: September 20, 2015; 10:59:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-4307 |
The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. Published: September 19, 2015; 9:59:04 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2015-4306 |
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. Published: September 19, 2015; 9:59:03 PM -0400 |
V3.x:(not available) V2.0: 8.5 HIGH |
CVE-2015-4305 |
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. Published: September 19, 2015; 9:59:01 PM -0400 |
V3.x:(not available) V2.0: 4.0 MEDIUM |
CVE-2015-4304 |
The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. Published: September 19, 2015; 9:59:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2015-6932 |
VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Published: September 18, 2015; 6:59:09 PM -0400 |
V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-6460 |
Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. Published: September 18, 2015; 6:59:08 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |