Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7402 | 1 Ibm | 1 Curam Social Program Management | 2016-01-06 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-4990 | 1 Ibm | 1 Tealeaf Customer Experience | 2016-01-06 | 1.9 LOW | 4.0 MEDIUM |
| The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows local users to discover credentials by leveraging privileges during an unspecified connection type. | |||||
| CVE-2015-5051 | 1 Ibm | 9 Maximo Asset Management, Maximo Asset Management Essentials, Maximo For Government and 6 more | 2016-01-06 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow remote authenticated users to bypass intended access restrictions on query results via unspecified vectors. | |||||
| CVE-2014-5040 | 1 Eucalyptus | 1 Eucalyptus | 2016-01-05 | 4.6 MEDIUM | 6.8 MEDIUM |
| HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key credentials by leveraging knowledge of a key ID or (2) signing certificates by leveraging knowledge of a certificate ID. | |||||
| CVE-2015-7416 | 2 Ibm, Microsoft | 2 I Access, Windows | 2016-01-05 | 2.1 LOW | 4.0 MEDIUM |
| AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | |||||
| CVE-2015-7415 | 1 Ibm | 1 Urbancode Deploy | 2016-01-05 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-5994 | 1 Mediabridge | 2 Medialink Mwn-wapr300n, Medialink Mwn-wapr300n Firmware | 2015-12-31 | 7.9 HIGH | 6.8 MEDIUM |
| The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. | |||||
| CVE-2015-2918 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2015-2913 | 1 Orientdb | 1 Orientdb | 2015-12-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| server/network/protocol/http/OHttpSessionManager.java in the Studio component in OrientDB Server Community Edition before 2.0.15 and 2.1.x before 2.1.1 improperly relies on the java.util.Random class for generation of random Session ID values, which makes it easier for remote attackers to predict a value by determining the internal state of the PRNG in this class. | |||||
| CVE-2015-2896 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| The up.time client in Idera Uptime Infrastructure Monitor through 7.6 allows remote attackers to obtain potentially sensitive version, OS, process, and event-log information via a command. | |||||
| CVE-2015-2894 | 1 Idera | 1 Uptime Infrastructure Monitor | 2015-12-31 | 5.0 MEDIUM | 5.3 MEDIUM |
| Format string vulnerability in the up.time client in Idera Uptime Infrastructure Monitor 6.0 and 7.2 allows remote attackers to cause a denial of service (application crash) via format string specifiers. | |||||
| CVE-2015-7794 | 1 Corega | 1 Cg-wlncm4g Firmware | 2015-12-30 | 5.0 MEDIUM | 5.8 MEDIUM |
| Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. | |||||
| CVE-2015-7793 | 1 Corega | 1 Cg-wlbaragm Firmware | 2015-12-30 | 5.0 MEDIUM | 5.8 MEDIUM |
| Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. | |||||
| CVE-2015-7786 | 1 Nttdata | 1 Web Analytics Service | 2015-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7789 | 1 Asus | 2 Wl-330nul, Wl-33nul Firmware | 2015-12-30 | 3.3 LOW | 4.3 MEDIUM |
| ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-7787 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2015-12-30 | 3.3 LOW | 4.3 MEDIUM |
| ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | |||||
| CVE-2015-7784 | 1 Bokublock | 2 Bbadminviewscontrol, Bbadminviewscontrol213 | 2015-12-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-7782 | 1 Let's Php! | 1 Frame High-speed Chat | 2015-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7790 | 1 Asus | 2 Wl-330nul, Wl-330nul Firmware | 2015-12-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-7783 | 1 Let's Php! | 1 Pbbs | 2015-12-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-8254 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2015-12-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices does not use integrity protection, which makes it easier for man-in-the-middle attackers to (1) initiate a false alarm or (2) deactivate an alarm by modifying the client-server data stream. | |||||
| CVE-2015-8252 | 1 Rsi Video Technologies | 1 Frontel Protocol | 2015-12-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Frontel protocol before 3 on RSI Video Technologies Videofied devices sends a cleartext serial number, which allows remote attackers to determine a hardcoded key by sniffing the network and performing a "jumbled up" calculation with this number. | |||||
| CVE-2015-6471 | 1 Eaton | 1 Proview | 2015-12-23 | 4.3 MEDIUM | 5.3 MEDIUM |
| Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 controls and Idea and IdeaPLUS relays does not properly initialize padding fields in Ethernet packets, which allows remote attackers to obtain sensitive information by reading packet data. | |||||
