Total
5442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-0760 | 1 Cisco | 1 Adaptive Security Appliance Software | 2024-08-06 | N/A |
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. | ||||
CVE-2015-0721 | 1 Cisco | 56 Nexus 1000v For Microsoft Hyper-v, Nexus 1000v For Vmware Vsphere, Nexus 3016 and 53 more | 2024-08-06 | N/A |
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. | ||||
CVE-2015-0713 | 1 Cisco | 10 Telepresence Advanced Media Gateway, Telepresence Ip Gateway, Telepresence Ip Vcr 1.0 Converter and 7 more | 2024-08-06 | N/A |
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855. | ||||
CVE-2015-0662 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-08-06 | N/A |
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to gain privileges via crafted IPC messages that trigger use of root privileges for a software-package installation, aka Bug ID CSCus79385. | ||||
CVE-2015-0611 | 1 Cisco | 3 Telepresence Ix5000, Telepresence Ix5200, Telepresence System Software Ix | 2024-08-06 | N/A |
The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to obtain HelpDesk-equivalent privileges by leveraging device-recovery authentication, aka Bug ID CSCus74174. | ||||
CVE-2015-0663 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-08-06 | N/A |
Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages, aka Bug ID CSCus79392. | ||||
CVE-2015-0682 | 1 Cisco | 1 Unified Communications Domain Manager | 2024-08-06 | N/A |
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | ||||
CVE-2015-0691 | 1 Cisco | 1 Secure Desktop | 2024-08-06 | N/A |
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | ||||
CVE-2015-0692 | 1 Cisco | 1 Web Security Appliance | 2024-08-06 | N/A |
Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via crafted serialized objects, aka Bug ID CSCut39230. | ||||
CVE-2015-0603 | 1 Cisco | 3 Unified Ip Phone 9951, Unified Ip Phone 9971, Unified Ip Phones 9900 Series Firmware | 2024-08-06 | N/A |
Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing to a phone's filesystem, aka Bug ID CSCup90474. | ||||
CVE-2015-0605 | 1 Cisco | 2 Asyncos, Email Security Appliance Firmware | 2024-08-06 | N/A |
The uuencode inspection engine in Cisco AsyncOS on Cisco Email Security Appliance (ESA) devices 8.5 and earlier allows remote attackers to bypass intended content restrictions via a crafted e-mail attachment with uuencode encoding, aka Bug ID CSCzv54343. | ||||
CVE-2015-0554 | 1 Adb | 2 P.dga4001n, P.dga4001n Firmware | 2024-08-06 | N/A |
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. | ||||
CVE-2015-0518 | 1 Emc | 1 Documentum D2 | 2024-08-06 | N/A |
The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser privileges via an unspecified method call that modifies group permissions. | ||||
CVE-2015-0532 | 1 Emc | 1 Rsa Identity Management And Governance | 2024-08-06 | N/A |
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account. | ||||
CVE-2015-0546 | 1 Emc | 1 Unified Infrastructure Manager\/provisioning | 2024-08-06 | N/A |
EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. | ||||
CVE-2015-0528 | 1 Emc | 1 Isilon Onefs | 2024-08-06 | N/A |
The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, 7.1.0 before 7.1.0.6, 7.1.1 before 7.1.1.2, and 7.2.0 before 7.2.0.1 allows local users to gain privileges by leveraging an ability to modify system files. | ||||
CVE-2015-0337 | 5 Adobe, Apple, Linux and 2 more | 5 Flash Player, Mac Os X, Linux Kernel and 2 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | ||||
CVE-2015-0310 | 5 Adobe, Apple, Linux and 2 more | 5 Flash Player, Mac Os X, Linux Kernel and 2 more | 2024-08-06 | N/A |
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | ||||
CVE-2015-0296 | 2 Fedoraproject, Tug | 2 Fedora, Texlive | 2024-08-06 | N/A |
The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file in the user's home directory. | ||||
CVE-2015-0223 | 2 Apache, Redhat | 4 Qpid, Enterprise Mrg, Satellite and 1 more | 2024-08-06 | N/A |
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. |