Search Results
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-3202 | fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature. Published: July 02, 2015; 5:59:03 PM -0400 | V3.x:(not available) V2.0: 3.6 LOW |
CVE-2015-1916 | Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. Published: July 02, 2015; 5:59:02 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1914 | IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to bypass "permission checks" and obtain sensitive information via vectors related to the Java Virtual Machine. Published: July 02, 2015; 5:59:01 PM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-0192 | Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via unknown vectors related to the Java Virtual Machine. Published: July 02, 2015; 5:59:00 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-5365 | Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "What's going on?" profile field. Published: July 02, 2015; 10:59:03 AM -0400 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4238 | The SNMP implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4(7) and 8.6(1.2) allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP requests during a time of high network traffic, aka Bug ID CSCul02601. Published: July 02, 2015; 10:59:02 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-4228 | Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999. Published: July 02, 2015; 10:59:01 AM -0400 | V3.x:(not available) V2.0: 5.4 MEDIUM |
CVE-2015-3443 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7.x, and 8.8.x before 8.8.000005 allows remote authenticated users to inject arbitrary web script or HTML via a password entry, which is not properly handled when toggling the password mask. Published: July 02, 2015; 10:59:00 AM -0400 | V3.x:(not available) V2.0: 3.5 LOW |
CVE-2015-4233 | SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. Published: July 02, 2015; 6:59:00 AM -0400 | V3.x:(not available) V2.0: 6.5 MEDIUM |
CVE-2015-5356 | Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. Published: July 01, 2015; 12:59:02 PM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5355 | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php. Published: July 01, 2015; 12:59:02 PM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-5354 | Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/login. Published: July 01, 2015; 12:59:01 PM -0400 | V3.x:(not available) V2.0: 5.8 MEDIUM |
CVE-2015-5353 | Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. Published: July 01, 2015; 12:59:00 PM -0400 | V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2015-4696 | Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. Published: July 01, 2015; 10:59:13 AM -0400 | V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2015-4695 | meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WMF file. Published: July 01, 2015; 10:59:12 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-4588 | Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length count" in an image in a WMF file. Published: July 01, 2015; 10:59:10 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2015-3204 | libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via an IKEv1 packet with (1) unassigned bits set in the IPSEC DOI value or (2) the next payload value set to ISAKMP_NEXT_SAK. Published: July 01, 2015; 10:59:08 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-3164 | The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. Published: July 01, 2015; 10:59:07 AM -0400 | V3.x:(not available) V2.0: 3.6 LOW |
CVE-2015-2141 | The InvertibleRWFunction::CalculateInverse function in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key operations for the Rabin-Williams digital signature algorithm, which allows remote attackers to obtain private keys via a timing attack. Published: July 01, 2015; 10:59:06 AM -0400 | V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2015-1330 | unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. Published: July 01, 2015; 10:59:04 AM -0400 | V3.x:(not available) V2.0: 6.8 MEDIUM |