Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7186 | 2 Google, Mozilla | 2 Android, Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved HTML document. | |||||
| CVE-2015-7187 | 1 Mozilla | 1 Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaScript code that is executed within a third-party extension. | |||||
| CVE-2015-7188 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 7.5 HIGH | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appending whitespace characters to an IP address string. | |||||
| CVE-2015-7189 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 6.8 MEDIUM | N/A |
| Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via vectors involving a CANVAS element and crafted JavaScript code. | |||||
| CVE-2015-7190 | 2 Google, Mozilla | 2 Android, Firefox | 2016-12-07 | 5.0 MEDIUM | N/A |
| The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application. | |||||
| CVE-2015-7191 | 2 Google, Mozilla | 2 Android, Firefox | 2016-12-07 | 4.3 MEDIUM | N/A |
| Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallback navigation, aka "Universal XSS (UXSS)." | |||||
| CVE-2015-7192 | 2 Apple, Mozilla | 2 Mac Os X, Firefox | 2016-12-07 | 7.5 HIGH | N/A |
| The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index. | |||||
| CVE-2015-7193 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 7.5 HIGH | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header manipulation, which allows remote attackers to bypass the Same Origin Policy by leveraging the lack of a preflight-request step. | |||||
| CVE-2015-7194 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 7.5 HIGH | N/A |
| Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted ZIP archive. | |||||
| CVE-2015-7195 | 1 Mozilla | 1 Firefox | 2016-12-07 | 5.0 MEDIUM | N/A |
| The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive information via vectors involving a redirect. | |||||
| CVE-2015-7196 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 6.8 MEDIUM | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper. | |||||
| CVE-2015-7197 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-content restrictions via crafted JavaScript code. | |||||
| CVE-2015-7198 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 7.5 HIGH | N/A |
| Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted texture data. | |||||
| CVE-2015-7199 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 7.5 HIGH | N/A |
| The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted SVG document. | |||||
| CVE-2015-7200 | 1 Mozilla | 2 Firefox, Firefox Esr | 2016-12-07 | 7.5 HIGH | N/A |
| The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key. | |||||
| CVE-2015-7283 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2016-12-07 | 9.3 HIGH | 8.1 HIGH |
| The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||||
| CVE-2015-7284 | 1 Zyxel | 2 Nbg-418n, Nbg-418n Firmware | 2016-12-07 | 6.8 MEDIUM | 8.0 HIGH |
| Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. | |||||
| CVE-2015-7337 | 2 Ipython, Jupyter | 2 Notebook, Notebook | 2016-12-07 | 6.8 MEDIUM | N/A |
| The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files/, related to MIME types. | |||||
| CVE-2015-7397 | 1 Ibm | 1 Websphere Commerce | 2016-12-07 | 5.8 MEDIUM | 7.4 HIGH |
| Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the referrer parameter. | |||||
| CVE-2015-7417 | 1 Ibm | 1 Websphere Application Server | 2016-12-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider. | |||||
| CVE-2015-6849 | 1 Emc | 1 Networker | 2016-12-07 | 7.8 HIGH | N/A |
| EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authentication messages. | |||||
| CVE-2015-6850 | 1 Emc | 1 Vplex Geosynchrony | 2016-12-07 | 7.2 HIGH | 8.4 HIGH |
| EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||||
| CVE-2015-6851 | 1 Rsa | 1 Securid Web Agent | 2016-12-07 | 7.2 HIGH | 6.7 MEDIUM |
| EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. | |||||
| CVE-2015-6852 | 1 Emc | 1 Secure Remote Services | 2016-12-07 | 4.0 MEDIUM | 4.3 MEDIUM |
| Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | |||||
| CVE-2015-6857 | 1 Hp | 2 Loadrunner, Performance Center | 2016-12-07 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. | |||||
| CVE-2015-6859 | 1 Hp | 54 J8692a, J8693a, J8697a and 51 more | 2016-12-07 | 4.6 MEDIUM | 7.8 HIGH |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | |||||
| CVE-2015-6860 | 1 Hp | 54 J8692a, J8693a, J8697a and 51 more | 2016-12-07 | 7.2 HIGH | 8.4 HIGH |
| HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | |||||
| CVE-2015-6862 | 1 Hp | 1 Ucmdb Browser | 2016-12-07 | 7.2 HIGH | 8.4 HIGH |
| HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | |||||
| CVE-2015-6928 | 1 Cubecart | 1 Cubecart | 2016-12-07 | 6.8 MEDIUM | N/A |
| classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | |||||
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2016-12-07 | 6.5 MEDIUM | 6.3 MEDIUM |
| The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | |||||
| CVE-2015-7037 | 1 Apple | 1 Iphone Os | 2016-12-07 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | |||||
| CVE-2015-7049 | 1 Apple | 1 Xcode | 2016-12-07 | 4.6 MEDIUM | N/A |
| otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||||
| CVE-2015-7050 | 1 Apple | 2 Iphone Os, Safari | 2016-12-07 | 4.3 MEDIUM | N/A |
| WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | |||||
| CVE-2015-7056 | 1 Apple | 1 Xcode | 2016-12-07 | 5.0 MEDIUM | N/A |
| IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a file matching an ignore pattern. | |||||
| CVE-2015-7057 | 1 Apple | 1 Xcode | 2016-12-07 | 4.6 MEDIUM | N/A |
| otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. | |||||
| CVE-2015-7069 | 1 Apple | 1 Iphone Os | 2016-12-07 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7070. | |||||
| CVE-2015-7070 | 1 Apple | 1 Iphone Os | 2016-12-07 | 9.3 HIGH | N/A |
| Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability than CVE-2015-7069. | |||||
| CVE-2015-7080 | 1 Apple | 1 Iphone Os | 2016-12-07 | 2.1 LOW | N/A |
| Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device in the lock-screen state. | |||||
| CVE-2015-7082 | 2 Apple, Git Project | 2 Xcode, Git | 2016-12-07 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. | |||||
| CVE-2015-7085 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7086 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7087 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7088 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7089 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7090, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7090 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7091, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7091 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7092, and CVE-2015-7117. | |||||
| CVE-2015-7092 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 tag in MP3 data in a movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7117. | |||||
| CVE-2015-7093 | 1 Apple | 1 Safari | 2016-12-07 | 4.3 MEDIUM | N/A |
| Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. | |||||
| CVE-2015-7113 | 1 Apple | 2 Iphone Os, Watchos | 2016-12-07 | 10.0 HIGH | N/A |
| The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a malformed plist. | |||||
| CVE-2015-7117 | 1 Apple | 1 Quicktime | 2016-12-07 | 6.8 MEDIUM | 6.6 MEDIUM |
| Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-7085, CVE-2015-7086, CVE-2015-7087, CVE-2015-7088, CVE-2015-7089, CVE-2015-7090, CVE-2015-7091, and CVE-2015-7092. | |||||