Total
308638 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1390 | 1 Hp | 1 Airwave | 2024-11-21 | N/A | 6.1 MEDIUM |
| Aruba AirWave before 8.0.7 allows XSS attacks agsinat an administrator. | |||||
| CVE-2015-1343 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 5.0 MEDIUM | 2.0 LOW |
| All versions of unity-scope-gdrive logs search terms to syslog. | |||||
| CVE-2015-1341 | 1 Canonical | 2 Apport, Ubuntu Linux | 2024-11-21 | 7.2 HIGH | 7.4 HIGH |
| Any Python module in sys.path can be imported if the command line of the process triggering the coredump is Python and the first argument is -m in Apport before 2.19.2 function _python_module_path. | |||||
| CVE-2015-1340 | 1 Linuxcontainers | 1 Lxd | 2024-11-21 | 6.8 MEDIUM | 7.0 HIGH |
| LXD before version 0.19-0ubuntu5 doUidshiftIntoContainer() has an unsafe Chmod() call that races against the stat in the Filepath.Walk() function. A symbolic link created in that window could cause any file on the system to have any mode of the attacker's choice. | |||||
| CVE-2015-1327 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 4.3 MEDIUM | 3.9 LOW |
| Content Hub before version 0.0+15.04.20150331-0ubuntu1.0 DBUS API only requires a file path for a content item, it doesn't actually require the confined app have access to the file to create a transfer. This could allow a malicious application using the DBUS API to export file:///etc/passwd which would then send a copy of that file to another app. | |||||
| CVE-2015-1326 | 1 Python-dbusmock Project | 1 Python-dbusmock | 2024-11-21 | 9.3 HIGH | 5.7 MEDIUM |
| python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file. | |||||
| CVE-2015-1320 | 1 Canonical | 1 Metal As A Service | 2024-11-21 | 5.0 MEDIUM | 5.5 MEDIUM |
| The SeaMicro provisioning of Ubuntu MAAS logs credentials, including username and password, for the management interface. This issue affects Ubuntu MAAS versions prior to 1.9.2. | |||||
| CVE-2015-1316 | 1 Canonical | 1 Juju | 2024-11-21 | 5.0 MEDIUM | 6.4 MEDIUM |
| Juju Core's Joyent provider before version 1.25.5 uploads the user's private ssh key. | |||||
| CVE-2015-1313 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | N/A | 6.5 MEDIUM |
| JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | |||||
| CVE-2015-1290 | 3 Google, Opensuse, Qt | 3 Chrome, Leap, Qt | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site. | |||||
| CVE-2015-1208 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 file. | |||||
| CVE-2015-1014 | 1 Schneider-electric | 3 Citectscada, Opc Factory Server, Scada Expert Vijeo Citect | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in the system directory on servers running Schneider Electric OFS v3.5 with version v7.40 of SCADA Expert Vijeo Citect/CitectSCADA, OFS v3.5 with version v7.30 of Vijeo Citect/CitectSCADA, and OFS v3.5 with version v7.20 of Vijeo Citect/CitectSCADA.. If the application attempts to open that file, the application could crash or allow the attacker to execute arbitrary code. Schneider Electric recommends vulnerable users upgrade the OFS to V3.5 and install the latest service pack (SP 6 or newer) for their associated version. | |||||
| CVE-2015-1012 | 1 Pfizer | 2 Lifecare Pca Infusion System, Lifecare Pca Infusion System Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. According to Hospira, version 3 of the LifeCare PCA Infusion System is not indicated for wireless use, is not shipped with wireless capabilities, and should not be modified to be used in a wireless capacity in a clinical setting. Hospira has developed a new version of the PCS Infusion System, version 7.0 that addresses the identified vulnerabilities. Version 7.0 has Port 20/FTP and Port 23/TELNET closed by default to prevent unauthorized access. | |||||
| CVE-2015-1007 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
| CVE-2015-1006 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
| CVE-2015-1142857 | 3 Dpdk, Intel, Linux | 13 Dpdk, 82576, 82576 Firmware and 10 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected. | |||||
| CVE-2015-10132 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676. | |||||
| CVE-2015-10131 | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620. | |||||
| CVE-2015-10129 | 1 Samwilson | 1 Planet-freo | 2024-11-21 | 2.6 LOW | 3.7 LOW |
| A vulnerability was found in planet-freo up to 20150116 and classified as problematic. Affected by this issue is some unknown functionality of the file admin/inc/auth.inc.php. The manipulation of the argument auth leads to incorrect comparison. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 6ad38c58a45642eb8c7844e2f272ef199f59550d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-252716. | |||||
| CVE-2015-10128 | 1 Royaltechbd | 1 Royal Prettyphoto | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability was found in rt-prettyphoto Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is the function royal_prettyphoto_plugin_links of the file rt-prettyphoto.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.3 is able to address this issue. The patch is identified as 0d3d38cfa487481b66869e4212df1cefc281ecb7. It is recommended to upgrade the affected component. VDB-249422 is the identifier assigned to this vulnerability. | |||||