Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0709 | 1 Cisco | 2 Ios, Ios Xe | 2015-09-10 | 6.8 MEDIUM | N/A |
| Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a denial of service (device crash) by leveraging knowledge of the RADIUS secret and sending crafted RADIUS packets, aka Bug ID CSCur21348. | |||||
| CVE-2015-0708 | 1 Cisco | 2 Ios, Ios Xe | 2015-09-10 | 6.1 MEDIUM | N/A |
| Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow remote attackers to cause a denial of service (device crash) by including an IA_NA option in a DHCPv6 Solicit message on the local network, aka Bug ID CSCur29956. | |||||
| CVE-2014-8760 | 1 Process-one | 1 Ejabberd | 2015-09-10 | 5.0 MEDIUM | N/A |
| ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption. | |||||
| CVE-2014-8761 | 1 Dokuwiki | 1 Dokuwiki | 2015-09-10 | 5.0 MEDIUM | N/A |
| inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call. | |||||
| CVE-2014-4873 | 1 Bmc | 1 Bmc Track-it! | 2015-09-10 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data. | |||||
| CVE-2014-3408 | 1 Cisco | 1 Prime Optical | 2015-09-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web framework in Cisco Prime Optical 10 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka Bug ID CSCuq80763. | |||||
| CVE-2013-7402 | 1 C-icap Project | 1 C-icap | 2015-09-10 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request. | |||||
| CVE-2014-2853 | 1 Mediawiki | 1 Mediawiki | 2015-09-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in includes/actions/InfoAction.php in MediaWiki before 1.21.9 and 1.22.x before 1.22.6 allows remote attackers to inject arbitrary web script or HTML via the sort key in an info action. | |||||
| CVE-2013-4442 | 1 Pwgen Project | 1 Pwgen | 2015-09-10 | 5.0 MEDIUM | N/A |
| Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers. | |||||
| CVE-2013-7401 | 1 C-icap Project | 1 C-icap | 2015-09-10 | 5.0 MEDIUM | N/A |
| The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method. | |||||
| CVE-2013-4440 | 1 Pwgen Project | 1 Pwgen | 2015-09-10 | 5.0 MEDIUM | N/A |
| Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack. | |||||
| CVE-2013-2130 | 1 Znc | 1 Znc | 2015-09-10 | 4.0 MEDIUM | N/A |
| ZNC 1.0 allows remote authenticated users to cause a denial of service (NULL pointer reference and crash) via a crafted request to the (1) editnetwork, (2) editchan, (3) addchan, or (4) delchan page in modules/webadmin.cpp. | |||||
| CVE-2015-5249 | | | 2015-09-10 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2015-3287 | | | 2015-09-09 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6587. Reason: This candidate is a duplicate of CVE-2015-6587. Notes: All CVE users should reference CVE-2015-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-1841 | 1 Redhat | 1 Enterprise Virtualization | 2015-09-09 | 3.7 LOW | N/A |
| The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view. | |||||
| CVE-2014-7280 | 1 Tenable | 1 Web Ui | 2015-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header. | |||||
| CVE-2014-5383 | 1 Alienvault | 1 Open Source Security Information Management | 2015-09-08 | 6.5 MEDIUM | N/A |
| SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||||
| CVE-2014-5316 | 1 Dotclear | 1 Dotclear | 2015-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 allows remote attackers to inject arbitrary web script or HTML via a crafted page. | |||||
| CVE-2014-5242 | 1 Mediawiki | 1 Mediawiki | 2015-09-08 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving the multipageimagenavbox class in conjunction with an action=raw value. | |||||
| CVE-2014-5201 | 1 Gallery Objects Project | 1 Gallery Objects | 2015-09-08 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php. | |||||
