Total
416 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2014-3150 | 1 Orange | 2 Livebox 1.1, Livebox 1.1 Firmware | 2024-08-06 | N/A |
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. | ||||
CVE-2014-2224 | 1 Plogger | 1 Plogger | 2024-08-06 | N/A |
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a series of form submissions. | ||||
CVE-2015-9331 | 1 Soflyy | 1 Wp All Import | 2024-08-06 | N/A |
The wp-all-import plugin before 3.2.4 for WordPress has no prevention of unauthenticated requests to adminInit. | ||||
CVE-2015-9318 | 1 Getawesomesupport | 1 Awesome Support | 2024-08-06 | N/A |
The awesome-support plugin before 3.1.7 for WordPress has a security issue in which shortcodes are allowed in replies. | ||||
CVE-2015-8986 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-06 | N/A |
Sandbox detection evasion vulnerability in hardware appliances in McAfee (now Intel Security) Advanced Threat Defense (MATD) 3.4.2.32 and earlier allows attackers to detect the sandbox environment, then bypass proper malware detection resulting in failure to detect a malware file (false-negative) via specially crafted malware. | ||||
CVE-2015-8990 | 1 Mcafee | 1 Advanced Threat Defense | 2024-08-06 | N/A |
Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | ||||
CVE-2015-8914 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2024-08-06 | N/A |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a link-local source address. | ||||
CVE-2015-8857 | 1 Uglifyjs Project | 1 Uglifyjs | 2024-08-06 | 9.8 Critical |
The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript. | ||||
CVE-2015-8801 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | ||||
CVE-2015-8803 | 4 Canonical, Nettle Project, Opensuse and 1 more | 5 Ubuntu Linux, Nettle, Leap and 2 more | 2024-08-06 | N/A |
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors, a different vulnerability than CVE-2015-8805. | ||||
CVE-2015-8804 | 4 Canonical, Nettle Project, Opensuse and 1 more | 5 Ubuntu Linux, Nettle, Leap and 2 more | 2024-08-06 | N/A |
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to have unspecified impact via unknown vectors. | ||||
CVE-2015-8777 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2024-08-06 | N/A |
The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | ||||
CVE-2015-8615 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to cause a denial of service via a large number of changes to the callback method (HVM_PARAM_CALLBACK_IRQ). | ||||
CVE-2015-8400 | 2 Fedoraproject, Shellinabox Project | 2 Fedora, Shellinabox | 2024-08-06 | N/A |
The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | ||||
CVE-2015-8368 | 1 Ntop | 1 Ntopng | 2024-08-06 | N/A |
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. | ||||
CVE-2015-8338 | 1 Xen | 1 Xen | 2024-08-06 | N/A |
Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_memory_op suboperations, which allows ARM guest OS administrators to cause a denial of service (CPU consumption, guest reboot, or watchdog timeout and host reboot) and possibly have unspecified other impact via unknown vectors. | ||||
CVE-2015-8286 | 1 Zhuhai | 1 Raysharp Firmware | 2024-08-06 | N/A |
Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. | ||||
CVE-2015-8108 | 1 Lenovo | 11 Emc Ez Media \& Backup \(hm3\), Emc Firmware, Emc Ix2\/ix2-dl and 8 more | 2024-08-06 | N/A |
The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.1.204.33661 allows remote attackers to obtain sensitive device information via unspecified vectors. | ||||
CVE-2015-7973 | 5 Canonical, Freebsd, Netapp and 2 more | 9 Ubuntu Linux, Freebsd, Clustered Data Ontap and 6 more | 2024-08-06 | 6.5 Medium |
NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | ||||
CVE-2015-7976 | 4 Novell, Ntp, Opensuse and 1 more | 10 Suse Openstack Cloud, Ntp, Leap and 7 more | 2024-08-06 | N/A |
The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a crafted filename. |