Total
308714 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2015-3424 | 1 Accentis | 1 Content Resource Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 patch allows remote attackers to execute arbitrary SQL commands via the SIDX parameter. | |||||
CVE-2015-3423 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) ctrl, (2) h____%2427, (3) h____%2439, (4) param0, (5) param1, (6) param2, (7) param3, (8) param4, (9) filter_INSERT_COUNT, (10) filter_MINOR_FALLOUT, (11) filter_UPDATE_COUNT, (12) sort, or (13) sessid parameter. | |||||
CVE-2015-3406 | 2 Canonical, Module-signature Project | 2 Ubuntu Linux, Module-signature | 2024-11-21 | 6.4 MEDIUM | 7.5 HIGH |
The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | |||||
CVE-2015-3309 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows remote attackers to read arbitrary files with permissions of the user running the service via a .. (dot dot) in the path parameter of HTTP API requests. NOTE: This vulnerability is due to an incomplete fix to CVE-2015-3297. | |||||
CVE-2015-3298 | 1 Yubico | 1 Ykneo-openpgp | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powered up, a signature will be issued even though the PIN has not been validated. | |||||
CVE-2015-3207 | 1 Openshift | 1 Origin | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes. | |||||
CVE-2015-3173 | 1 Custom Content Type Manager Project | 1 Custom Content Type Manager | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PHP remote code execution. | |||||
CVE-2015-3172 | 1 Eidogo | 1 Eidogo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input. | |||||
CVE-2015-3167 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 uses different error responses when an incorrect key is used, which makes it easier for attackers to obtain the key via a brute force attack. | |||||
CVE-2015-3166 | 3 Canonical, Debian, Postgresql | 3 Ubuntu Linux, Debian Linux, Postgresql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 does not properly handle system-call errors, which allows attackers to obtain sensitive information or have other unspecified impact via unknown vectors, as demonstrated by an out-of-memory error. | |||||
CVE-2015-3159 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) does not properly handle the process environment before invoking abrt-action-install-debuginfo, which allows local users to gain privileges. | |||||
CVE-2015-3154 | 1 Zend | 1 Zend Framework | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email. | |||||
CVE-2015-3151 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to read, write to, or change ownership of arbitrary files via unspecified vectors to the (1) NewProblem, (2) GetInfo, (3) SetElement, or (4) DeleteElement method. | |||||
CVE-2015-3150 | 1 Redhat | 1 Automatic Bug Reporting Tool | 2024-11-21 | 7.2 HIGH | 7.1 HIGH |
abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownership of arbitrary files via the problem directory argument to the (1) ChownProblemDir, (2) DeleteElement, or (3) DeleteProblem method. | |||||
CVE-2015-3147 | 1 Redhat | 7 Automatic Bug Reporting Tool, Enterprise Linux Desktop, Enterprise Linux Server and 4 more | 2024-11-21 | 4.9 MEDIUM | 6.5 MEDIUM |
daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports from /var/spool/abrt-upload, allows local users to write to arbitrary files or possibly have other unspecified impact via a symlink attack on (1) /var/spool/abrt or (2) /var/tmp/abrt. | |||||
CVE-2015-3140 | 1 Synametrics | 3 Synaman, Syncrify, Syntail | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567 | |||||
CVE-2015-3006 | 1 Juniper | 3 Junos, Qfx3500, Qfx3600 | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates. Entropy increases after the system has been up and running for some time, but immediately after boot, the entropy is very low. This issue only affects the QFX3500 and QFX3600 switches. No other Juniper Networks products or platforms are affected by this weak entropy vulnerability. | |||||
CVE-2015-2992 | 1 Apache | 1 Struts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability. | |||||
CVE-2015-2981 | 1 Yodobashi | 1 Yodobashi | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
The Yodobashi App for Android 1.2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2015-2968 | 1 Line | 1 Line@ | 2024-11-21 | N/A | 5.9 MEDIUM |
LINE@ for Android version 1.0.0 and LINE@ for iOS version 1.0.0 are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | |||||