Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4291 | 1 Cisco | 1 Ios Xe | 2015-08-21 | 7.8 HIGH | N/A |
| Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted series of fragmented (1) IPv4 or (2) IPv6 packets, aka Bug ID CSCtd72617. | |||||
| CVE-2015-5960 | 1 Mozilla | 1 Firefox Os | 2015-08-21 | 1.9 LOW | N/A |
| Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. | |||||
| CVE-2015-5962 | 1 Mozilla | 1 Firefox Os | 2015-08-21 | 5.0 MEDIUM | N/A |
| Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. | |||||
| CVE-2014-0753 | 1 Ecava | 1 Integraxor | 2015-08-21 | 7.8 HIGH | N/A |
| Stack-based buffer overflow in the SCADA server in Ecava IntegraXor before 4.1.4390 allows remote attackers to cause a denial of service (system crash) by triggering access to DLL code located in the IntegraXor directory. | |||||
| CVE-2015-6528 | 1 Coppermine-gallery | 1 Coppermine Photo Gallery | 2015-08-21 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username, (2) admin_password, (3) admin_email, (4) dbserver, (5) dbname, (6) dbuser, (7) dbpass, (8) table_prefix, or (9) impath parameter. | |||||
| CVE-2015-5192 | 2015-08-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-5195. Reason: This candidate is a reservation duplicate of CVE-2015-5195. Notes: All CVE users should reference CVE-2015-5195 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2015-5513 | 1 Niif | 1 Shibboleth Authentication | 2015-08-20 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer blocks" permission to inject arbitrary web script or HTML via unspecified vectors related to a login link. | |||||
| CVE-2015-5491 | 1 Dynamic Display Block Project | 1 Dynamic Display Block | 2015-08-20 | 3.5 LOW | N/A |
| The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users to bypass intended access restrictions and read sensitive titles by leveraging the "administer ddblock" permission. | |||||
| CVE-2015-5514 | 1 Migrate Project | 1 Migrate | 2015-08-20 | 2.6 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label. | |||||
| CVE-2015-6519 | 1 Arabportal | 1 Arab Portal | 2015-08-20 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | |||||
| CVE-2015-5499 | 1 Navigate Project | 1 Navigate | 2015-08-19 | 4.0 MEDIUM | N/A |
| The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate view" permission. | |||||
| CVE-2015-5500 | 1 Navigate Project | 1 Navigate | 2015-08-19 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Navigate module for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5497 | 1 Web Links Project | 1 Web Links | 2015-08-19 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Links module 6.x-2.x before 6.x-2.6 and 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5495 | 1 Mobile Sliding Menu Project | 1 Mobile Sliding Menu | 2015-08-19 | 2.1 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-5493 | 1 Entityform Block Project | 1 Entityform Block | 2015-08-19 | 5.0 MEDIUM | N/A |
| The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityforms via unspecified vectors. | |||||
| CVE-2015-5492 | 1 Video Consultation Project | 1 Video Consultation | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6514 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2015-6515 | 1 Splunk | 1 Splunk | 2015-08-19 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via a header. | |||||
| CVE-2015-6512 | 1 Codelogic | 1 Freichat | 2015-08-19 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in the get_messages function in server/plugins/chatroom/chatroom.php in FreiChat 9.6 allows remote attackers to execute arbitrary SQL commands via the time parameter to server/freichat.php. | |||||
| CVE-2015-6254 | 1 Picketlink | 1 Picketlink | 2015-08-19 | 6.0 MEDIUM | N/A |
| The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. | |||||