Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8001 | 1 Mediawiki | 1 Mediawiki | 2015-11-10 | 3.5 LOW | N/A |
| The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not restrict the uploaded data to the claimed file size, which allows remote authenticated users to cause a denial of service via a chunk that exceeds the file size. | |||||
| CVE-2015-8095 | 2 Drupal, Monster Menus Module Project | 2 Drupal, Monster Menus | 2015-11-10 | 5.0 MEDIUM | N/A |
| The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an unspecified URL pattern. | |||||
| CVE-2014-8873 | 1 Oracle | 1 Openjdk | 2015-11-10 | 10.0 HIGH | N/A |
| A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file. | |||||
| CVE-2014-6552 | 1 Oracle | 1 Fusion Middleware | 2015-11-10 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console. | |||||
| CVE-2014-6536 | 1 Oracle | 1 Supply Chain Products Suite | 2015-11-10 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security. | |||||
| CVE-2014-6553 | 1 Oracle | 1 Fusion Middleware | 2015-11-10 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console. | |||||
| CVE-2014-6543 | 1 Oracle | 1 Supply Chain Products Suite | 2015-11-10 | 3.6 LOW | N/A |
| Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM). | |||||
| CVE-2015-8005 | 1 Mediawiki | 1 Mediawiki | 2015-11-10 | 5.0 MEDIUM | N/A |
| MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading the metadata of a PNG thumbnail file. | |||||
| CVE-2015-7412 | 1 Ibm | 1 Datapower Gateway | 2015-11-09 | 2.6 LOW | N/A |
| The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext data, which makes it easier for remote attackers to obtain plaintext data via a padding-oracle attack. | |||||
| CVE-2015-5043 | 1 Ibm | 1 Security Guardium | 2015-11-09 | 7.2 HIGH | N/A |
| diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, 9.5, and 10.0 before p6015 allows local users to obtain root access via unspecified key sequences. | |||||
| CVE-2015-5044 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2015-11-09 | 3.3 LOW | N/A |
| The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets. | |||||
| CVE-2015-5019 | 1 Ibm | 2 Sterling B2b Integrator, Sterling Integrator | 2015-11-09 | 5.5 MEDIUM | N/A |
| IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. | |||||
| CVE-2015-8082 | 1 Login Disable Project | 1 Login Disable | 2015-11-09 | 7.5 HIGH | N/A |
| The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication module, as demonstrated by the CAS and URL Login modules. | |||||
| CVE-2015-7395 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more | 2015-11-09 | 4.0 MEDIUM | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended work-order change restrictions via unspecified vectors. | |||||
| CVE-2015-4966 | 1 Ibm | 11 Change And Configuration Management Database, Maximo Asset Management, Maximo For Government and 8 more | 2015-11-09 | 6.5 MEDIUM | N/A |
| IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products have a default administrator account, which makes it easier for remote authenticated users to obtain access via unspecified vectors. | |||||
| CVE-2015-6476 | 1 Advantech | 14 Eki-1221, Eki-1221d, Eki-1222 and 11 more | 2015-11-09 | 10.0 HIGH | N/A |
| Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session. | |||||
| CVE-2015-1997 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | |||||
| CVE-2015-1999 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. | |||||
| CVE-2015-1993 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session. | |||||
| CVE-2015-1996 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 2.1 LOW | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation. | |||||
| CVE-2015-1994 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 5.0 MEDIUM | N/A |
| IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | |||||
| CVE-2015-1995 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-6542 | 1 Oracle | 1 Database Server | 2015-11-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6454. | |||||
| CVE-2014-6534 | 1 Oracle | 1 Fusion Middleware | 2015-11-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect integrity via vectors related to WLS Console. | |||||
| CVE-2014-6537 | 1 Oracle | 1 Database Server | 2015-11-09 | 6.5 MEDIUM | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2014-6538 | 1 Oracle | 1 Database Server | 2015-11-09 | 4.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563. | |||||
| CVE-2014-6487 | 1 Oracle | 1 Fusion Middleware | 2015-11-09 | 3.5 LOW | N/A |
| Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service. | |||||
| CVE-2014-6522 | 1 Oracle | 1 Fusion Middleware | 2015-11-09 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via vectors related to ADF Faces. | |||||
| CVE-2015-1989 | 1 Ibm | 1 Security Qradar Incident Forensics | 2015-11-09 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2015-5305 | 1 Redhat | 1 Openshift | 2015-11-09 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handled before passing it to etcd. | |||||
| CVE-2014-6497 | 1 Sun | 1 Sunos | 2015-11-06 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel. | |||||
| CVE-2014-6501 | 1 Sun | 1 Sunos | 2015-11-06 | 2.1 LOW | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. | |||||
| CVE-2014-6470 | 1 Sun | 1 Sunos | 2015-11-06 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. | |||||
| CVE-2014-6473 | 1 Sun | 1 Sunos | 2015-11-06 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. | |||||
| CVE-2014-6490 | 1 Sun | 1 Sunos | 2015-11-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component. | |||||
| CVE-2014-4277 | 1 Sun | 1 Sunos | 2015-11-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283. | |||||
| CVE-2014-4280 | 1 Sun | 1 Sunos | 2015-11-06 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284. | |||||
| CVE-2014-4283 | 1 Sun | 1 Sunos | 2015-11-06 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277. | |||||
| CVE-2014-4284 | 1 Sun | 1 Sunos | 2015-11-06 | 4.4 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280. | |||||
| CVE-2014-4275 | 1 Sun | 1 Sunos | 2015-11-06 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module. | |||||
| CVE-2014-4276 | 1 Sun | 1 Sunos | 2015-11-06 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS). | |||||
| CVE-2015-5672 | 1 Typemoon | 4 Fate\/hollow Ataraxia, Fate\/stay Night, Fate\/stay Night \+ Hollow Ataraxia Set and 1 more | 2015-11-06 | 10.0 HIGH | N/A |
| TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy Night, and Fate/stay night + hollow ataraxia set allow remote attackers to execute arbitrary OS commands via crafted saved data. | |||||
| CVE-2014-4282 | 1 Sun | 1 Sunos | 2015-11-06 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. | |||||
| CVE-2014-6498 | 1 Oracle | 1 Supply Chain Products Suite | 2015-11-06 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Security. | |||||
| CVE-2014-6516 | 1 Oracle | 1 Jd Edwards Products | 2015-11-06 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC. | |||||
| CVE-2014-6499 | 1 Oracle | 1 Fusion Middleware | 2015-11-06 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector. | |||||
| CVE-2014-6533 | 1 Oracle | 1 Supply Chain Products Suite | 2015-11-06 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. | |||||
| CVE-2014-6460 | 1 Oracle | 1 Peoplesoft Products | 2015-11-06 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY. | |||||
| CVE-2014-6461 | 1 Oracle | 1 Supply Chain Products Suite | 2015-11-06 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Roles & Privileges. | |||||
| CVE-2014-6467 | 1 Oracle | 1 Database Server | 2015-11-06 | 9.0 HIGH | N/A |
| Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560. | |||||