Total
9170 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-1369 | 1 Apple | 1 Safari | 2015-12-08 | 4.3 MEDIUM | N/A |
| WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows user-assisted remote attackers to access file: URLs by leveraging a URL drag operation that originates at a crafted web site. | |||||
| CVE-2014-1346 | 1 Apple | 1 Safari | 2015-12-08 | 5.0 MEDIUM | N/A |
| WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, does not properly interpret Unicode encoding, which allows remote attackers to spoof a postMessage origin, and bypass intended restrictions on sending a message to a connected frame or window, via crafted characters in a URL. | |||||
| CVE-2015-0584 | 1 Cisco | 1 Desktop Collaboration Experience Dx650 | 2015-11-27 | 7.2 HIGH | N/A |
| The image-upgrade implementation on Cisco Desktop Collaboration Experience (aka Collaboration Desk Experience or DX) DX650 endpoints allows local users to execute arbitrary OS commands via an unspecified parameter, aka Bug ID CSCus38947. | |||||
| CVE-2015-7808 | 1 Vbulletin | 1 Vbulletin | 2015-11-25 | 7.5 HIGH | N/A |
| The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments. | |||||
| CVE-2015-7845 | 1 Huawei | 7 Espace Firmware, Espace Unified Gateway U1910, Espace Unified Gateway U1911 and 4 more | 2015-11-20 | 5.0 MEDIUM | N/A |
| The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. | |||||
| CVE-2015-6374 | 1 Cisco | 1 Firepower Extensible Operating System | 2015-11-19 | 4.3 MEDIUM | N/A |
| The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. | |||||
| CVE-2015-6369 | 1 Cisco | 1 Firepower Extensible Operating System | 2015-11-19 | 4.9 MEDIUM | N/A |
| The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that triggers invalid USB commands, aka Bug ID CSCux10531. | |||||
| CVE-2014-4494 | 1 Apple | 1 Iphone Os | 2015-11-17 | 6.8 MEDIUM | N/A |
| Springboard in Apple iOS before 8.1.3 does not properly validate signatures when determining whether to solicit an app trust decision from the user, which allows attackers to bypass intended first-launch restrictions by leveraging access to an enterprise distribution certificate for signing a crafted app. | |||||
| CVE-2015-7994 | 1 Sap | 1 Hana | 2015-11-12 | 7.5 HIGH | N/A |
| The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. | |||||
| CVE-2015-7993 | 1 Sap | 1 Hana | 2015-11-12 | 7.5 HIGH | N/A |
| The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Login," aka SAP Security Note 2197397. | |||||
| CVE-2015-7828 | 1 Sap | 1 Hana | 2015-11-12 | 10.0 HIGH | N/A |
| SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopydir, (2) fmkdir, (3) frmdir, (4) getenv, (5) dumpenv, (6) fcopy, (7) fput, (8) fdel, (9) fmove, (10) fget, (11) fappend, (12) fdir, (13) getTraces, (14) kill, (15) pexec, (16) stop, or (17) pythonexec method, aka SAP Security Note 2165583. | |||||
| CVE-2014-8873 | 1 Oracle | 1 Openjdk | 2015-11-10 | 10.0 HIGH | N/A |
| A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary code via a JAR file. | |||||
| CVE-2015-5044 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2015-11-09 | 3.3 LOW | N/A |
| The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 Patch 11 IF3 and 7.2.x before 7.2.5 Patch 4 IF3 allows remote attackers to cause a denial of service via unspecified packets. | |||||
| CVE-2014-3825 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2015-11-05 | 6.8 MEDIUM | N/A |
| The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, 12.1X44 before 12.1X44-D40, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D25, and 12.1X47 before 12.1X47-D10, when an Application Layer Gateway (ALG) is enabled, allows remote attackers to cause a denial of service (flowd crash) via a crafted packet. | |||||
| CVE-2014-8013 | 1 Cisco | 1 Nx-os | 2015-11-04 | 4.9 MEDIUM | N/A |
| The TACACS+ command-authorization implementation in Cisco NX-OS allows local users to cause a denial of service (device reload) via a long CLI command, aka Bug ID CSCur54182. | |||||
| CVE-2015-0657 | 1 Cisco | 1 Ios Xr | 2015-11-02 | 5.0 MEDIUM | N/A |
| Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | |||||
| CVE-2015-0661 | 1 Cisco | 1 Ios Xr | 2015-11-02 | 4.0 MEDIUM | N/A |
| The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | |||||
| CVE-2015-7699 | 1 Owncloud | 1 Owncloud | 2015-10-28 | 9.0 HIGH | N/A |
| The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary code via a crafted mount point option, related to "objectstore." | |||||
| CVE-2013-3672 | 1 Ffmpeg | 1 Ffmpeg | 2015-10-27 | 4.3 MEDIUM | N/A |
| The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg before 1.2.1 does not validate the relationship between a horizontal coordinate and a width value, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted American Laser Games (ALG) MM Video data. | |||||
| CVE-2013-3674 | 1 Ffmpeg | 1 Ffmpeg | 2015-10-27 | 4.3 MEDIUM | N/A |
| The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg before 1.2.1 does not validate the presence of non-header data in a buffer, which allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) via crafted CD Graphics Video data. | |||||