Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5809 | 1 Groupon | 1 Groupon Merchants | 2015-11-04 | 5.8 MEDIUM | N/A |
| The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. | |||||
| CVE-2000-0219 | 1 Redhat | 1 Linux | 2015-11-04 | 7.2 HIGH | N/A |
| Red Hat 6.0 allows local users to gain root access by booting single user and hitting ^C at the password prompt. | |||||
| CVE-2014-5082 | 1 Sphider | 1 Sphider | 2015-11-04 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter. | |||||
| CVE-2015-5308 | 1 Wp-championship Project | 1 Wp-championship | 2015-11-03 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter. | |||||
| CVE-2015-5210 | 1 Apache | 1 Ambari | 2015-11-03 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in Apache Ambari before 2.1.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the targetURI parameter. | |||||
| CVE-2015-3186 | 1 Apache | 1 Ambari | 2015-11-03 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated cluster operator users to inject arbitrary web script or HTML via the note field in a configuration change. | |||||
| CVE-2015-3270 | 1 Apache | 1 Ambari | 2015-11-03 | 6.5 MEDIUM | N/A |
| Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | |||||
| CVE-2015-1775 | 1 Apache | 1 Ambari | 2015-11-03 | 5.5 MEDIUM | N/A |
| Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Ambari before 2.1.0 allows remote authenticated users to conduct port scans and access unsecured services via a crafted REST call. | |||||
| CVE-2015-5470 | 1 Powerdns | 2 Authoritative, Recursor | 2015-11-03 | 7.8 HIGH | N/A |
| The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868. | |||||
| CVE-2015-8074 | 1 Google | 1 Android | 2015-11-03 | 5.0 MEDIUM | N/A |
| mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611. | |||||
| CVE-2015-8073 | 1 Google | 1 Android | 2015-11-03 | 10.0 HIGH | N/A |
| mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072. | |||||
| CVE-2015-8072 | 1 Google | 1 Android | 2015-11-03 | 10.0 HIGH | N/A |
| mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073. | |||||
| CVE-2015-8038 | 1 Fortinet | 1 Fortimanager Firmware | 2015-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sharedjobmanager or (2) SOMServiceObjDialog. | |||||
| CVE-2015-8037 | 1 Fortinet | 1 Fortimanager Firmware | 2015-11-03 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the Graphical User Interface (GUI) in Fortinet FortiManager before 5.2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SOMVpnSSLPortalDialog or (2) FGDMngUpdHistory. | |||||
| CVE-2015-0598 | 1 Cisco | 2 Ios, Ios Xe | 2015-11-02 | 6.8 MEDIUM | N/A |
| The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and CSCur27693. | |||||
| CVE-2015-0594 | 1 Cisco | 2 Prime Lan Management Solution, Security Manager | 2015-11-02 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the help pages in Cisco Common Services, as used in Cisco Prime LAN Management Solution (LMS) and Cisco Security Manager, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCuq54654 and CSCun18263. | |||||
| CVE-2015-0632 | 1 Cisco | 2 Ios, Ios Xe | 2015-11-02 | 5.7 MEDIUM | N/A |
| Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the local network, aka Bug ID CSCuo67770. | |||||
| CVE-2015-0651 | 1 Cisco | 1 Application Networking Manager | 2015-11-02 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo99753. | |||||
| CVE-2015-0655 | 1 Cisco | 1 Unified Web And E-mail Interaction Manager | 2015-11-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184. | |||||
| CVE-2015-0656 | 1 Cisco | 3 Network Analysis Module 2304, Network Analysis Module 2320, Network Analysis Module Firmware | 2015-11-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login page in Cisco Network Analysis Module (NAM) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCum81269. | |||||