Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-3005 | 1 Juniper | 13 Junos, Srx100, Srx110 and 10 more | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-3010 | 1 Ceph | 1 Ceph-deploy | 2016-12-02 | 2.1 LOW | N/A |
| ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |||||
| CVE-2015-3011 | 2 Debian, Owncloud | 2 Debian Linux, Owncloud | 2016-12-02 | 3.5 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted contact. | |||||
| CVE-2015-3027 | 1 Apple | 1 Xcode | 2016-12-02 | 5.0 MEDIUM | N/A |
| Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers to bypass a stack-guard protection mechanism via crafted input to an affected C program. | |||||
| CVE-2015-2760 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2016-12-02 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2761 | 1 Websense | 1 Triton Ap Web | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Exceptions and Scanning Exceptions Pages in Websense TRITON AP-WEB before 8.0.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2762 | 1 Websense | 1 Triton Ap Web | 2016-12-02 | 5.0 MEDIUM | N/A |
| Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||||
| CVE-2015-2763 | 1 Websense | 1 Triton Ap Email | 2016-12-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to port 17703. | |||||
| CVE-2015-2764 | 1 Websense | 1 Triton Ap Data | 2016-12-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON AP-DATA before 8.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the DSS (1) Mobile or (2) DLP report catalog. | |||||
| CVE-2015-2765 | 1 Websense | 1 Triton Ap Email | 2016-12-02 | 4.3 MEDIUM | N/A |
| The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 allows remote attackers to conduct clickjacking attacks via unspecified vectors. | |||||
| CVE-2015-2766 | 1 Websense | 1 Triton Ap Email | 2016-12-02 | 5.0 MEDIUM | N/A |
| The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | |||||
| CVE-2015-2767 | 1 Websense | 1 Triton Ap Email | 2016-12-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has unknown impact and attack vectors, related to "Autocomplete Enabled." | |||||
| CVE-2015-2768 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2016-12-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL before 8.0.0 and V-Series 7.7 appliances allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-2771 | 1 Websense | 2 Triton Ap Email, V-series Appliances | 2016-12-02 | 5.0 MEDIUM | N/A |
| The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||||
| CVE-2015-2772 | 1 Websense | 1 V-series Appliances | 2016-12-02 | 7.5 HIGH | N/A |
| SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. | |||||
| CVE-2015-2773 | 1 Websense | 1 V-series Appliances | 2016-12-02 | 5.0 MEDIUM | N/A |
| SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | |||||
| CVE-2015-2776 | 2 Debian, Gaia-gis | 2 Debian Linux, Freexl | 2016-12-02 | 4.3 MEDIUM | N/A |
| The parse_SST function in FreeXL before 1.0.0i allows remote attackers to cause a denial of service (memory consumption) via a crafted shared strings table in a workbook. | |||||
| CVE-2015-2778 | 1 Quassel-irc | 1 Quassel | 2016-12-02 | 5.0 MEDIUM | N/A |
| Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte characters. | |||||
| CVE-2015-2779 | 1 Quassel-irc | 1 Quassel | 2016-12-02 | 5.0 MEDIUM | N/A |
| Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage. | |||||
| CVE-2015-2786 | 1 Mybb | 1 Mybb | 2016-12-02 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 has unknown attack vectors related to "Group join request notifications sent to wrong group leaders." | |||||