Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0648 | 1 Cisco | 1 Ios | 2015-03-26 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. | |||||
| CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2015-03-26 | 7.2 HIGH | N/A |
| The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2012-4398 | 1 Linux | 1 Linux Kernel | 2015-03-26 | 4.9 MEDIUM | N/A |
| The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | |||||
| CVE-2013-2899 | 1 Linux | 1 Linux Kernel | 2015-03-26 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. | |||||
| CVE-2014-3181 | 1 Linux | 1 Linux Kernel | 2015-03-26 | 6.9 MEDIUM | N/A |
| Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. | |||||
| CVE-2015-2284 | 1 Solarwinds | 1 Firewall Security Manager | 2015-03-25 | 10.0 HIGH | N/A |
| userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling. | |||||
| CVE-2014-8925 | 1 Ibm | 1 Rational Clearquest | 2015-03-25 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in IBM Rational ClearQuest 7.1.x before 7.1.2.17, 8.0.0.x before 8.0.0.14, and 8.0.1.x before 8.0.1.7 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout or insert XSS sequences. | |||||
| CVE-2014-6134 | 1 Ibm | 2 Installation Manager, Rational Clearcase | 2015-03-25 | 1.2 LOW | N/A |
| IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, when Installation Manager before 1.8.2 is used, retains cleartext server passwords in process memory throughout the installation procedure, which might allow local users to obtain sensitive information by leveraging access to the installation account. | |||||
| CVE-2011-2727 | 1 Tribiq | 1 Tribiq Cms | 2015-03-25 | 4.3 MEDIUM | N/A |
| The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. | |||||
| CVE-2015-0159 | 2015-03-25 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3570. Reason: This candidate is a reservation duplicate of CVE-2014-3570. Notes: All CVE users should reference CVE-2014-3570 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2014-4634 | 1 Emc | 2 Appsync, Replication Manager | 2015-03-24 | 4.6 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in EMC Replication Manager through 5.5.2 and AppSync before 2.1.0 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | |||||
| CVE-2014-100003 | 1 Yourmembers Project | 1 Yourmembers | 2015-03-24 | 7.5 HIGH | N/A |
| SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI. | |||||
| CVE-2011-5308 | 1 Cdnvote Project | 1 Cdnvote | 2015-03-24 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. | |||||
| CVE-2014-9194 | 1 Arbiter | 1 1094b Gps Substation Clock | 2015-03-24 | 7.8 HIGH | N/A |
| Arbiter 1094B GPS Substation Clock allows remote attackers to cause a denial of service (disruption) via crafted radio transmissions that spoof GPS satellite broadcasts. | |||||
| CVE-2015-0941 | 1 Inetc Project | 1 Inetc | 2015-03-24 | 4.3 MEDIUM | N/A |
| The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as used in CERT/CC Failure Observation Engine (FOE) and other products, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and possibly execute arbitrary code by sending a crafted certificate in a download session for Windows executable files. | |||||
| CVE-2015-0137 | 1 Ibm | 1 Powervc | 2015-03-24 | 4.3 MEDIUM | N/A |
| IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 validates Hardware Management Console (HMC) certificates only during the pre-login stage, which allows man-in-the-middle attackers to spoof devices via a crafted certificate. | |||||
| CVE-2015-0105 | 1 Ibm | 1 Business Process Manager | 2015-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-0106 | 1 Ibm | 2 Business Process Manager, Websphere Application Server | 2015-03-24 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 and WebSphere Lombardi Edition (WLE) 7.2.x through 7.2.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-0103 | 1 Ibm | 1 Business Process Manager | 2015-03-24 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Process Portal in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 through 8.5.5.0 allow remote authenticated users to inject arbitrary web script or HTML via unspecified data fields. | |||||
| CVE-2015-0136 | 1 Ibm | 1 Powervc | 2015-03-24 | 2.1 LOW | N/A |
| powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sensitive information by listing the process. | |||||
| CVE-2015-0880 | 1 Crear.ne.jp | 1 Al-mail32 | 2015-03-24 | 6.8 MEDIUM | N/A |
| Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. | |||||
| CVE-2014-3682 | 1 Redhat | 1 Jbpm-designer | 2015-03-24 | 7.5 HIGH | N/A |
| XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read arbitrary files and possibly have other unspecified impact by importing a crafted BPMN2 file. | |||||
| CVE-2014-8172 | 1 Linux | 1 Linux Kernel | 2015-03-24 | 4.9 MEDIUM | N/A |
| The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows local users to cause a denial of service (soft lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. | |||||
| CVE-2014-8115 | 1 Redhat | 1 Kie Workbench | 2015-03-23 | 6.5 MEDIUM | N/A |
| The default authorization constrains in KIE Workbench 6.0.x allows remote authenticated users to read or write to arbitrary files, bypass intended access restrictions, and possibly have other unspecified impact via unknown vectors. | |||||
| CVE-2015-0891 | 1 Maroyaka Simple Board Project | 1 Maroyaka Simple Board | 2015-03-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Simple Board allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0893 | 1 Maroyaka Relay Novel Project | 1 Maroyaka Relay Novel | 2015-03-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Relay Novel allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0892 | 1 Maroyaka Image Album Project | 1 Maroyaka Image Album | 2015-03-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka Image Album allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2563 | 1 Vastal | 1 Phpvid | 2015-03-23 | 7.5 HIGH | N/A |
| SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector is already covered by CVE-2008-4157. | |||||
| CVE-2015-0671 | 1 Cisco | 1 Videoscape Delivery System For Internet Streamer | 2015-03-20 | 5.0 MEDIUM | N/A |
| The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consumption) via crafted packets, aka Bug ID CSCun15911. | |||||
| CVE-2015-0896 | 1 Extplorer | 1 Extplorer | 2015-03-19 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-6131 | 1 Ibm | 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more | 2015-03-18 | 4.0 MEDIUM | N/A |
| IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to read the dashboards of arbitrary users via unspecified vectors. | |||||
| CVE-2012-4046 | 1 D-link | 2 Dcs-932l, Dcs-932l Firmware | 2015-03-18 | 3.3 LOW | N/A |
| The D-Link DCS-932L camera with firmware 1.02 allows remote attackers to discover the password via a UDP broadcast packet, as demonstrated by running the D-Link Setup Wizard and reading the _paramR["P"] value. | |||||
| CVE-2015-0132 | 1 Ibm | 2 Rational Doors Next Generation, Rational Requirements Composer | 2015-03-18 | 7.8 HIGH | N/A |
| The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. | |||||
| CVE-2015-2293 | 1 Yoast | 1 Wordpress Seo | 2015-03-18 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote attackers to hijack the authentication of certain users for requests that conduct SQL injection attacks via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page. | |||||
| CVE-2014-6129 | 1 Ibm | 5 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Quality Manager and 2 more | 2015-03-18 | 5.5 MEDIUM | N/A |
| IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative Lifecycle Management 3.x and 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Quality Manager 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational Team Concert 2.x and 3.x before 3.0.1.6 iFix5, 4.x before 4.0.7 iFix4, and 5.x before 5.0.2 iFix2; Rational DOORS Next Generation 4.x before 4.0.7 iFix4 and 5.x before 5.0.2 iFix2; Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5; and other products, allows remote authenticated users to delete the dashboards of arbitrary users via unspecified vectors. | |||||
| CVE-2015-0149 | 1 Ibm | 1 Api Management | 2015-03-18 | 5.5 MEDIUM | N/A |
| The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information or modify data via unspecified API calls. | |||||
| CVE-2015-0178 | 1 Ibm | 2 Bluemix, Liberty | 2015-03-18 | 4.3 MEDIUM | N/A |
| The Java overlay feature in IBM Bluemix Liberty before 1.13-20150209-1122 for Java does not properly support WAR applications, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-0146 | 1 Ibm | 1 Content Collector | 2015-03-18 | 2.1 LOW | N/A |
| IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileNet P8 systems with IBM Content Search Services, which allows local users to bypass intended document-access restrictions and obtain sensitive information via a crafted search query. | |||||
| CVE-2014-3631 | 1 Linux | 1 Linux Kernel | 2015-03-18 | 7.2 HIGH | N/A |
| The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple "keyctl newring" operations followed by a "keyctl timeout" operation. | |||||
| CVE-2014-3645 | 1 Linux | 1 Linux Kernel | 2015-03-18 | 2.1 LOW | N/A |
| arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.12 does not have an exit handler for the INVEPT instruction, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. | |||||
| CVE-2014-3065 | 1 Ibm | 1 Java | 2015-03-18 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 before SR2 (7.1.2.0), 7 before SR8 (7.0.8.0), 6 R1 before SR8 FP2 (6.1.8.2), 6 before SR16 FP2 (6.0.16.2), and before SR16 FP8 (5.0.16.8) allows local users to execute arbitrary code via vectors related to the shared classes cache. | |||||
| CVE-2011-2406 | 1 Hp | 1 Openview Performance Insight | 2015-03-18 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2013-4483 | 1 Linux | 1 Linux Kernel | 2015-03-18 | 4.9 MEDIUM | N/A |
| The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. | |||||
| CVE-2014-9426 | 1 Php | 1 Php | 2015-03-17 | 7.5 HIGH | N/A |
| ** DISPUTED ** The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attackers to cause a denial of service (memory corruption or application crash) or possibly have unspecified other impact via unknown vectors. NOTE: this is disputed by the vendor because the standard erealloc behavior makes the free operation unreachable. | |||||
| CVE-2015-0980 | 1 Scadaengine | 1 Bacnet Opc Server | 2015-03-16 | 9.0 HIGH | N/A |
| Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request. | |||||
| CVE-2015-0981 | 1 Scadaengine | 1 Bacnet Opc Server | 2015-03-16 | 7.5 HIGH | N/A |
| The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | |||||
| CVE-2015-0979 | 1 Scadaengine | 1 Bacnet Opc Server | 2015-03-16 | 9.0 HIGH | N/A |
| Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2015-0978 | 1 Elipse | 1 E3 | 2015-03-16 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory. NOTE: this may overlap CVE-2015-2264. | |||||
| CVE-2014-5409 | 1 Ge | 1 Hydran M2 | 2015-03-16 | 5.0 MEDIUM | N/A |
| The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE Digital Energy Hydran M2 does not properly generate random values for TCP Initial Sequence Numbers (ISNs), which makes it easier for remote attackers to spoof packets by predicting these values. | |||||
| CVE-2015-2264 | 1 Telerik | 1 Analytics Monitor Library | 2015-03-13 | 6.9 MEDIUM | N/A |
| Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b) swift.dll, (c) nfhwcrhk.dll, or (d) surewarehook.dll file in an unspecified directory. | |||||