Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1089 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-01-03 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2015-1090 | 1 Apple | 1 Iphone Os | 2017-01-03 | 5.0 MEDIUM | N/A |
| CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | |||||
| CVE-2015-1091 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-01-03 | 4.3 MEDIUM | N/A |
| The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle request headers during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | |||||
| CVE-2015-1106 | 1 Apple | 1 Iphone Os | 2017-01-03 | 2.1 LOW | N/A |
| The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | |||||
| CVE-2015-1107 | 1 Apple | 1 Iphone Os | 2017-01-03 | 1.9 LOW | N/A |
| The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | |||||
| CVE-2015-1108 | 1 Apple | 1 Iphone Os | 2017-01-03 | 2.1 LOW | N/A |
| The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. | |||||
| CVE-2015-1109 | 1 Apple | 1 Iphone Os | 2017-01-03 | 2.1 LOW | N/A |
| NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | |||||
| CVE-2015-1111 | 1 Apple | 1 Iphone Os | 2017-01-03 | 5.0 MEDIUM | N/A |
| Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | |||||
| CVE-2015-1113 | 1 Apple | 1 Iphone Os | 2017-01-03 | 1.9 LOW | N/A |
| The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. | |||||
| CVE-2015-1115 | 1 Apple | 1 Iphone Os | 2017-01-03 | 4.4 MEDIUM | N/A |
| The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||||
| CVE-2015-1116 | 1 Apple | 1 Iphone Os | 2017-01-03 | 2.1 LOW | N/A |
| The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen. | |||||
| CVE-2015-1155 | 1 Apple | 2 Iphone Os, Safari | 2017-01-03 | 4.3 MEDIUM | N/A |
| The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | |||||
| CVE-2015-1205 | 3 Canonical, Chromium, Google | 3 Ubuntu Linux, Chromium, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-1235 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element. | |||||
| CVE-2015-1236 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 4.3 MEDIUM | N/A |
| The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element. | |||||
| CVE-2015-1237 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger renderer IPC messages during a detach operation. | |||||
| CVE-2015-1238 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-1240 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL program that triggers a state inconsistency. | |||||
| CVE-2015-1241 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 4.3 MEDIUM | N/A |
| Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack. | |||||
| CVE-2015-1242 | 3 Canonical, Debian, Google | 4 Ubuntu Linux, Debian Linux, Chrome and 1 more | 2017-01-03 | 7.5 HIGH | N/A |
| The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization. | |||||
| CVE-2015-1243 | 4 Canonical, Debian, Google and 1 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2017-01-03 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered. | |||||
| CVE-2015-1244 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for WebSocket traffic. | |||||
| CVE-2015-1245 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium "Open PDF in Reader" button that has an invalid tab association. | |||||
| CVE-2015-1246 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||||
| CVE-2015-1247 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site. | |||||
| CVE-2015-1248 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 4.3 MEDIUM | N/A |
| The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL. | |||||
| CVE-2015-1249 | 3 Canonical, Debian, Google | 3 Ubuntu Linux, Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-1250 | 4 Canonical, Debian, Google and 1 more | 7 Ubuntu Linux, Debian Linux, Chrome and 4 more | 2017-01-03 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||||
| CVE-2015-1252 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. | |||||
| CVE-2015-1253 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. | |||||
| CVE-2015-1254 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. | |||||
| CVE-2015-1255 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 6.8 MEDIUM | N/A |
| Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. | |||||
| CVE-2015-1256 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. | |||||
| CVE-2015-1257 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. | |||||
| CVE-2015-1258 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. | |||||
| CVE-2015-1259 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2015-1260 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. | |||||
| CVE-2015-1261 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 5.0 MEDIUM | N/A |
| android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. | |||||
| CVE-2015-1262 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 7.5 HIGH | N/A |
| platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Unicode text. | |||||
| CVE-2015-1263 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 4.3 MEDIUM | N/A |
| The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorrect spelling suggestions or possibly have unspecified other impact via a crafted file. | |||||
| CVE-2015-1264 | 2 Debian, Google | 2 Debian Linux, Chrome | 2017-01-03 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled by the Bookmarks feature. | |||||
| CVE-2015-1484 | 1 Symantec | 1 Workspace Streaming | 2017-01-03 | 6.9 MEDIUM | N/A |
| Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory, as demonstrated by program.exe. | |||||
| CVE-2015-1782 | 3 Debian, Fedoraproject, Libssh2 | 3 Debian Linux, Fedora, Libssh2 | 2017-01-03 | 6.8 MEDIUM | N/A |
| The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet. | |||||
| CVE-2015-1881 | 1 Openstack | 1 Image Registry And Delivery Service \(glance\) | 2017-01-03 | 4.0 MEDIUM | N/A |
| OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them, a different vulnerability than CVE-2014-9684. | |||||
| CVE-2015-1889 | 1 Ibm | 1 Infosphere Biginsights | 2017-01-03 | 6.5 MEDIUM | N/A |
| The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statement referencing the data of an arbitrary user or (2) an import of a certain Hive table definition with the HCAT_SYNC_OBJECTS procedure. | |||||
| CVE-2015-2042 | 1 Linux | 1 Linux Kernel | 2017-01-03 | 4.6 MEDIUM | N/A |
| net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry. | |||||
| CVE-2015-2170 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | 5.0 MEDIUM | N/A |
| The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2015-2221 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | |||||
| CVE-2015-2222 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2017-01-03 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | |||||
| CVE-2015-2234 | 1 Lenovo | 1 System Update | 2017-01-03 | 6.9 MEDIUM | N/A |
| Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. | |||||