Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1268 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
| bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. | ||||
| CVE-2015-1158 | 2 Cups, Redhat | 2 Cups, Enterprise Linux | 2024-08-06 | N/A |
| The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. | ||||
| CVE-2015-1130 | 1 Apple | 1 Mac Os X | 2024-08-06 | N/A |
| The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | ||||
| CVE-2015-0943 | 1 Basware | 1 Banking | 2024-08-06 | N/A |
| Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user credentials, and other sensitive information by sniffing the network or modify this traffic by inserting packets into the client-server data stream. | ||||
| CVE-2015-0994 | 1 Inductiveautomation | 1 Ignition | 2024-08-06 | N/A |
| Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | ||||
| CVE-2015-0993 | 1 Inductiveautomation | 1 Ignition | 2024-08-06 | N/A |
| Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | ||||
| CVE-2015-0832 | 3 Canonical, Mozilla, Opensuse | 3 Ubuntu Linux, Firefox, Opensuse | 2024-08-06 | N/A |
| Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and HSTS protection mechanisms by constructing a URL with this character and leveraging access to an X.509 certificate for a domain with this character. | ||||
| CVE-2015-0746 | 1 Cisco | 1 Secure Access Control Server | 2024-08-06 | N/A |
| The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | ||||
| CVE-2015-0599 | 1 Cisco | 1 Unified Computing System | 2024-08-06 | N/A |
| The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | ||||
| CVE-2015-0201 | 2 Pivotal Software, Vmware | 2 Spring Framework, Spring Framework | 2024-08-06 | N/A |
| The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 generates predictable session ids, which allows remote attackers to send messages to other sessions via unspecified vectors. | ||||
| CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2024-08-06 | N/A |
| Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | ||||
| CVE-2015-0127 | 1 Ibm | 1 Leads | 2024-08-06 | N/A |
| IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 does not properly restrict use of FRAME elements, which allows remote authenticated users to conduct phishing attacks via a crafted web site. | ||||
| CVE-2015-0084 | 1 Microsoft | 7 Windows 7, Windows 8, Windows 8.1 and 4 more | 2024-08-06 | N/A |
| The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to bypass intended restrictions on launching executable files via a crafted task, aka "Task Scheduler Security Feature Bypass Vulnerability." | ||||
| CVE-2015-0009 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2024-08-06 | N/A |
| The Group Policy Security Configuration policy implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows man-in-the-middle attackers to disable a signing requirement and trigger a revert-to-default action by spoofing domain-controller responses, aka "Group Policy Security Feature Bypass Vulnerability." | ||||
| CVE-2015-0005 | 1 Microsoft | 3 Windows 2003 Server, Windows Server 2008, Windows Server 2012 | 2024-08-06 | N/A |
| The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2, when a Domain Controller is configured, allows remote attackers to spoof the computer name of a secure channel's endpoint, and obtain sensitive session information, by running a crafted application and leveraging the ability to sniff network traffic, aka "NETLOGON Spoofing Vulnerability." | ||||
| CVE-2016-1000009 | 1 Tp-link | 1 Tp-link | 2024-08-06 | N/A |
| TP-LINK lost control of two domains, www.tplinklogin.net and tplinkextender.net. Please note that these domains are physically printed on many of the devices. | ||||
| CVE-2016-10932 | 2 Hyper, Microsoft | 2 Hyper, Windows | 2024-08-06 | N/A |
| An issue was discovered in the hyper crate before 0.9.4 for Rust on Windows. There is an HTTPS man-in-the-middle vulnerability because hostname verification was omitted. | ||||
| CVE-2016-10933 | 1 Portaudio Project | 1 Portaudio | 2024-08-06 | N/A |
| An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP. | ||||
| CVE-2016-10894 | 2 Debian, Xtrlock Project | 2 Debian Linux, Xtrlock | 2024-08-06 | 4.6 Medium |
| xtrlock through 2.10 does not block multitouch events. Consequently, an attacker at a locked screen can send input to (and thus control) various programs such as Chromium via events such as pan scrolling, "pinch and zoom" gestures, or even regular mouse clicks (by depressing the touchpad once and then clicking with a different finger). | ||||
| CVE-2016-10772 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
| cPanel before 60.0.25 does not enforce feature-list restrictions when calling the multilang adminbin (SEC-168). | ||||