Total
347113 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10006 | 1 Ingnovarq Project | 1 Ingnovarq | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in admont28 Ingnovarq. Affected by this issue is some unknown functionality of the file app/controller/insertarSliderAjax.php. The manipulation of the argument imagetitle leads to cross site scripting. The attack may be launched remotely. The name of the patch is 9d18a39944d79dfedacd754a742df38f99d3c0e2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217172. | |||||
| CVE-2015-10005 | 1 Markdown-it Project | 1 Markdown-it | 2024-11-21 | N/A | 3.5 LOW |
| A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regular expression complexity. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 89c8620157d6e38f9872811620d25138fc9d1b0d. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216852. | |||||
| CVE-2015-10003 | 1 Filezilla-project | 1 Filezilla Server | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50. This affects an unknown part of the component PORT Handler. The manipulation leads to unintended intermediary. It is possible to initiate the attack remotely. Upgrading to version 0.9.51 is able to address this issue. It is recommended to upgrade the affected component. | |||||
| CVE-2015-10002 | 1 Kiddoware | 1 Kids Place | 2024-11-21 | 2.1 LOW | 5.3 MEDIUM |
| A vulnerability classified as problematic has been found in Kiddoware Kids Place. This affects the Home Button Protection. A repeated pressing of the button causes a local denial of service. It is recommended to upgrade the affected component. | |||||
| CVE-2015-10001 | 1 Wp-stats Project | 1 Wp-stats | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| The WP-Stats WordPress plugin before 2.52 does not have CSRF check when saving its settings, and did not escape some of them when outputting them, allowing attacker to make logged in high privilege users change them and set Cross-Site Scripting payloads | |||||
| CVE-2015-0949 | 2 Dell, Hp | 4 Latitude E6430, Latitude E6430 Firmware, Elitebook 850 G1 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The System Management Mode (SMM) implementation in Dell Latitude E6430 BIOS Revision A09, HP EliteBook 850 G1 BIOS revision L71 Ver. 01.09, and possibly other BIOS implementations does not ensure that function calls operate on SMRAM memory locations, which allows local users to bypass the Secure Boot protection mechanism and gain privileges by leveraging write access to physical memory. | |||||
| CVE-2015-0897 | 1 Line | 1 Line | 2024-11-21 | N/A | 5.9 MEDIUM |
| LINE for Android version 5.0.2 and earlier and LINE for iOS version 5.0.0 and earlier are vulnerable to MITM (man-in-the-middle) attack since the application allows non-SSL/TLS communications. As a result, any API may be invoked from a script injected by a MITM (man-in-the-middle) attacker. | |||||
| CVE-2015-0841 | 1 Monopd Project | 1 Monopd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. | |||||
| CVE-2015-0837 | 2 Debian, Gnupg | 3 Debian Linux, Gnupg, Libgcrypt | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during modular exponentiation, related to a "Last-Level Cache Side-Channel Attack." | |||||
| CVE-2015-0796 | 1 Opensuse | 1 Open Buildservice | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
| In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service. | |||||
| CVE-2015-0749 | 1 Cisco | 1 Unified Communications Manager | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on the affected software. The vulnerabilities is due to improper input validation of certain parameters passed to the affected software. An attacker could exploit this vulnerability by convincing a user to follow a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. | |||||
| CVE-2015-0565 | 1 Google | 1 Native Client | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. | |||||
| CVE-2015-0558 | 1 Adbglobal | 2 P.dga4001n, P.dga4001n Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key. | |||||
| CVE-2015-0294 | 3 Debian, Gnu, Redhat | 3 Debian Linux, Gnutls, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |||||
| CVE-2015-0270 | 1 Zend | 1 Framework | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. | |||||
| CVE-2015-0258 | 3 Canonical, Debian, O-dyn | 3 Ubuntu Linux, Debian Linux, Collabtive | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple incomplete blacklist vulnerabilities in the avatar upload functionality in manageuser.php in Collabtive before 2.1 allow remote authenticated users to execute arbitrary code by uploading a file with a (1) .php3, (2) .php4, (3) .php5, or (4) .phtml extension. | |||||
| CVE-2015-0244 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 does not properly handle errors while reading a protocol message, which allows remote attackers to conduct SQL injection attacks via crafted binary data in a parameter and causing an error, which triggers the loss of synchronization and part of the protocol message to be treated as a new message, as demonstrated by causing a timeout or query cancellation. | |||||
| CVE-2015-0243 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2015-0242 | 3 Debian, Microsoft, Postgresql | 3 Debian Linux, Windows, Postgresql | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | |||||
| CVE-2015-0241 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric formatting template, which triggers a buffer over-read, or (2) crafted timestamp formatting template, which triggers a buffer overflow. | |||||