Total
309091 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9544 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in xdLocalStorage through 2.0.5. The receiveMessage() function in xdLocalStoragePostMessageApi.js does not implement any validation of the origin of web messages. Remote attackers who can entice a user to load a malicious site can exploit this issue to impact the confidentiality and integrity of data in the local storage of the vulnerable site via malicious web messages. | |||||
| CVE-2015-9543 | 1 Openstack | 1 Nova | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs may obtain tokens used for console access. All Nova setups using novncproxy are affected. This is related to NovaProxyRequestHandlerBase.new_websocket_client in console/websocketproxy.py. | |||||
| CVE-2015-9542 | 3 Canonical, Debian, Freeradius | 3 Ubuntu Linux, Debian Linux, Pam Radius | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could send a crafted password to an application (loading the pam_radius library) and crash it. Arbitrary code execution might be possible, depending on the application, C library, compiler, and other factors. | |||||
| CVE-2015-9541 | 2 Fedoraproject, Qt | 2 Fedora, Qt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Qt through 5.14 allows an exponential XML entity expansion attack via a crafted SVG document that is mishandled in QXmlStreamReader, a related issue to CVE-2003-1564. | |||||
| CVE-2015-9540 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Chamilo LMS through 1.9.10.2 allows a link_goto.php?link_url= open redirect, a related issue to CVE-2015-5503. | |||||
| CVE-2015-9539 | 1 Fast Secure Contact Form Project | 1 Fast Secure Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS. | |||||
| CVE-2015-9538 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The NextGEN Gallery plugin before 2.1.15 for WordPress allows ../ Directory Traversal in path selection. | |||||
| CVE-2015-9537 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | |||||
| CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. | |||||
| CVE-2015-9503 | 1 Webmandesign | 1 Modern Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2015-9502 | 1 Webmandesign | 1 Auberge Theme | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2015-9501 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. | |||||
| CVE-2015-9500 | 1 Exquisite Ultimate Newspaper Project | 1 Exquisite Ultimate Newspaper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. | |||||
| CVE-2015-9499 | 1 Themepunch | 1 Showbiz Pro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Showbiz Pro plugin through 1.7.1 for WordPress has PHP code execution by uploading a .php file within a ZIP archive. | |||||
| CVE-2015-9498 | 1 Wpserveur | 1 Wps Hide Login | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The wps-hide-login plugin before 1.1 for WordPress has CSRF that affects saving an option value. | |||||
| CVE-2015-9497 | 1 Ad Inserter Project | 1 Ad Inserter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The ad-inserter plugin before 1.5.3 for WordPress has CSRF with resultant XSS via wp-admin/options-general.php?page=ad-inserter.php. | |||||
| CVE-2015-9496 | 1 Freshmail | 1 Freshmail-newsletter | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring. | |||||
| CVE-2015-9495 | 1 Syndication Links Project | 1 Syndication Links | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2015-9494 | 1 Indieweb Post Kinds Project | 1 Indieweb Post Kinds | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. | |||||
| CVE-2015-9493 | 1 Nlb-creationst | 1 My Wish List | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. | |||||