Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9228 | 1 Symantec | 1 Endpoint Protection | 2017-09-23 | 4.9 MEDIUM | N/A |
| sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. | |||||
| CVE-2014-9229 | 1 Symantec | 1 Endpoint Protection | 2017-09-23 | 6.5 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role. | |||||
| CVE-2015-0173 | 1 Ibm | 1 Websphere Mq Internet Pass Thru | 2017-09-23 | 4.3 MEDIUM | N/A |
| The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easier for remote attackers to bypass intended restrictions on MQ message data by predicting an ID value. | |||||
| CVE-2015-0526 | 1 Emc | 1 Rsa Validation Manager | 2017-09-23 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. | |||||
| CVE-2015-0546 | 1 Emc | 1 Unified Infrastructure Manager/provisioning | 2017-09-23 | 10.0 HIGH | N/A |
| EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. | |||||
| CVE-2015-0549 | 1 Emc | 1 Documentum D2 | 2017-09-23 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0550 | 1 Emc | 1 Documentum Thumbnail Server | 2017-09-23 | 8.5 HIGH | N/A |
| Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors. | |||||
| CVE-2015-1158 | 1 Cups | 1 Cups | 2017-09-23 | 10.0 HIGH | N/A |
| The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. | |||||
| CVE-2015-1159 | 1 Cups | 1 Cups | 2017-09-23 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. | |||||
| CVE-2014-0578 | 4 Adobe, Apple, Linux and 1 more | 7 Air, Air Sdk, Air Sdk & Compiler and 4 more | 2017-09-22 | 5.0 MEDIUM | N/A |
| Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-3115, CVE-2015-3116, CVE-2015-3125, and CVE-2015-5116. | |||||
| CVE-2014-0611 | 1 Novell | 1 Groupwise | 2017-09-22 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in Novell GroupWise 2012 before Support Pack 4 and 2014 before Support Pack 2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-1569 | 1 Mozilla | 1 Network Security Services | 2017-09-22 | 7.5 HIGH | N/A |
| The definite_length_decoder function in lib/util/quickder.c in Mozilla Network Security Services (NSS) before 3.16.2.4 and 3.17.x before 3.17.3 does not ensure that the DER encoding of an ASN.1 length is properly formed, which allows remote attackers to conduct data-smuggling attacks by using a long byte sequence for an encoding, as demonstrated by the SEC_QuickDERDecodeItem function's improper handling of an arbitrary-length encoding of 0x00. | |||||
| CVE-2014-8910 | 1 Ibm | 1 Db2 | 2017-09-22 | 4.0 MEDIUM | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT function in a SELECT statement. | |||||
| CVE-2014-9230 | 1 Symantec | 1 Data Loss Prevention | 2017-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-0157 | 1 Ibm | 1 Db2 | 2017-09-22 | 6.8 MEDIUM | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveraging an unspecified scalar function in a SQL statement. | |||||
| CVE-2015-0467 | 1 Oracle | 1 Peoplesoft Products | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors related to Security. | |||||
| CVE-2015-0468 | 1 Oracle | 1 Database Server | 2017-09-22 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2015-0725 | 1 Cisco | 2 Videoscape Distribution Suite For Internet Streaming, Videoscape Distribution Suite Service Broker | 2017-09-22 | 7.8 HIGH | N/A |
| Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when a VDSM configuration on UCS is used, and Videoscape Distribution Suite for Internet Streaming (aka VDS-IS or CDS-IS) before 3.3.1 R7 and 4.x before 4.0.0 R4 allow remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka Bug IDs CSCus79834 and CSCuu63409. | |||||
| CVE-2015-1330 | 2 Canonical, Debian | 2 Ubuntu Linux, Unattended-upgrades | 2017-09-22 | 6.8 MEDIUM | N/A |
| unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. | |||||
| CVE-2015-1485 | 1 Symantec | 1 Data Loss Prevention | 2017-09-22 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. | |||||
| CVE-2015-1831 | 1 Apache | 1 Struts | 2017-09-22 | 7.5 HIGH | N/A |
| The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors. | |||||
| CVE-2015-1883 | 1 Ibm | 1 Db2 | 2017-09-22 | 4.0 MEDIUM | N/A |
| IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure. | |||||
| CVE-2015-1887 | 1 Ibm | 1 Websphere Portal | 2017-09-22 | 5.0 MEDIUM | N/A |
| IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a crafted request. | |||||
| CVE-2015-1917 | 1 Ibm | 1 Websphere Portal | 2017-09-22 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-1926 | 1 Oracle | 2 E-business Suite, Fusion Middleware | 2017-09-22 | 5.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12.2.3 and 12.2.4, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Portal. | |||||
| CVE-2015-1944 | 1 Ibm | 1 Websphere Portal | 2017-09-22 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-1961 | 1 Ibm | 1 Business Process Manager | 2017-09-22 | 9.0 HIGH | N/A |
| The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call. | |||||
| CVE-2015-2580 | 1 Oracle | 1 Solaris | 2017-09-22 | 1.9 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. | |||||
| CVE-2015-2584 | 1 Oracle | 1 Hyperion | 2017-09-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-2592. | |||||
| CVE-2015-2585 | 1 Oracle | 1 Database Server | 2017-09-22 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 allows remote authenticated users to affect availability via unknown vectors. | |||||
| CVE-2015-2586 | 1 Oracle | 1 Database Server | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors. | |||||
| CVE-2015-2587 | 1 Oracle | 1 Siebel Crm | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect integrity via vectors related to SWSE Server Infrastructure. | |||||
| CVE-2015-2588 | 1 Oracle | 1 Peoplesoft Products | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | |||||
| CVE-2015-2589 | 1 Oracle | 1 Solaris | 2017-09-22 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. | |||||
| CVE-2015-2592 | 1 Oracle | 1 Hyperion | 2017-09-22 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-2584. | |||||
| CVE-2015-2595 | 1 Oracle | 1 Database Server | 2017-09-22 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2015-2599 | 1 Oracle | 1 Database Server | 2017-09-22 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the RDBMS Scheduler component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2015-2600 | 1 Oracle | 1 Siebel Crm | 2017-09-22 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2015-2609 | 1 Oracle | 1 Solaris | 2017-09-22 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. | |||||
| CVE-2015-2610 | 1 Oracle | 1 E-business Suite | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Popup windows. | |||||
| CVE-2015-2612 | 1 Oracle | 1 Siebel Crm | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect confidentiality via vectors related to LDAP Security Adapter. | |||||
| CVE-2015-2614 | 1 Oracle | 1 Solaris | 2017-09-22 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. | |||||
| CVE-2015-2615 | 1 Oracle | 1 E-business Suite | 2017-09-22 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to Portal. | |||||
| CVE-2015-2616 | 1 Oracle | 1 Oracle And Sun Systems Product Suite | 2017-09-22 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows local users to affect availability via unknown vectors related to DevFS. | |||||
| CVE-2015-2618 | 1 Oracle | 1 E-business Suite | 2017-09-22 | 2.1 LOW | N/A |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Input validation. | |||||
| CVE-2015-2622 | 1 Oracle | 1 Peoplesoft Products | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via unknown vectors related to Fluid Core. | |||||
| CVE-2015-2629 | 1 Oracle | 1 Database Server | 2017-09-22 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0457. | |||||
| CVE-2015-2630 | 1 Oracle | 1 E-business Suite | 2017-09-22 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Technology stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Applet startup. | |||||
| CVE-2015-2631 | 1 Oracle | 1 Solaris | 2017-09-22 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rmformat. | |||||
| CVE-2015-2645 | 1 Oracle | 1 E-business Suite | 2017-09-22 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors. | |||||
