Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0838 | 2 Debian, Dulwich Project | 2 Debian Linux, Dulwich | 2015-03-31 | 7.5 HIGH | N/A |
| Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | |||||
| CVE-2015-2792 | 1 Wpml | 1 Wpml | 2015-03-31 | 7.5 HIGH | N/A |
| The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request containing an action POST parameter, an action GET parameter, and a valid nonce for the action GET parameter. | |||||
| CVE-2015-0985 | 1 Xzeres | 2 442sr, 442sr Os | 2015-03-31 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to hijack the authentication of admins for requests that modify the default user's password via a GET request. | |||||
| CVE-2015-0900 | 1 Nishishi | 1 Fumy Teachers Schedule Board | 2015-03-31 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi Factory Fumy Teacher's Schedule Board 1.10 through 2.21 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2014-9209 | 1 Rockwellautomation | 2 Factorytalk Services Platform, Factorytalk View Studio | 2015-03-31 | 6.9 MEDIUM | N/A |
| Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
| CVE-2015-2769 | 1 Websense | 1 Triton Ap Email | 2015-03-30 | 6.8 MEDIUM | N/A |
| Multiple cross-site request forgery (CSRF) vulnerabilities in the Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-2770 | 1 Websense | 1 V-series Appliances | 2015-03-30 | 6.8 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in the command line page in Websense TRITON V-Series appliances before 8.0.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||||
| CVE-2015-2785 | 1 Gnome | 1 Byzanz | 2015-03-30 | 7.5 HIGH | N/A |
| The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command. | |||||
| CVE-2014-9205 | 1 Microsys | 1 Promotic | 2015-03-30 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the PmBase64Decode function in an unspecified demonstration application in MICROSYS PROMOTIC stable before 8.2.19 and PROMOTIC development before 8.3.2 allows remote attackers to execute arbitrary code by providing a large amount of data. | |||||
| CVE-2014-5428 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2015-03-30 | 10.0 HIGH | N/A |
| Unrestricted file upload vulnerability in unspecified web services in Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to execute arbitrary code by uploading a shell script. | |||||
| CVE-2014-5427 | 1 Johnsoncontrols | 12 Application And Data Server, Extended Application And Data Server, Lonworks Control Server Lcs8520 and 9 more | 2015-03-30 | 5.0 MEDIUM | N/A |
| Johnson Controls Metasys 4.1 through 6.5, as used in Application and Data Server (ADS), Extended Application and Data Server (aka ADX), LonWorks Control Server 85 LCS8520, Network Automation Engine (NAE) 55xx-x, Network Integration Engine (NIE) 5xxx-x, and NxE8500, allows remote attackers to read password hashes via a POST request. | |||||
| CVE-2014-0005 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jboss Enterprise Brms Platform | 2015-03-27 | 3.6 LOW | N/A |
| PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application. | |||||
| CVE-2013-2184 | 1 Sixapart | 1 Movable Type | 2015-03-27 | 7.5 HIGH | N/A |
| Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter. | |||||
| CVE-2015-0898 | 1 Futomi | 1 Mp Form Mail Cgi | 2015-03-27 | 7.5 HIGH | N/A |
| futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | |||||
| CVE-2015-0649 | 1 Cisco | 1 Ios | 2015-03-27 | 7.8 HIGH | N/A |
| Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. | |||||
| CVE-2015-0647 | 1 Cisco | 1 Ios | 2015-03-26 | 7.8 HIGH | N/A |
| Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | |||||
| CVE-2015-0648 | 1 Cisco | 1 Ios | 2015-03-26 | 7.8 HIGH | N/A |
| Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun49658. | |||||
| CVE-2015-1388 | 1 Arubanetworks | 1 Arubaos | 2015-03-26 | 7.2 HIGH | N/A |
| The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.2.4 on Aruba access points in Remote Access Point (AP) mode allows remote attackers to execute arbitrary commands via unspecified vectors. | |||||
| CVE-2012-4398 | 1 Linux | 1 Linux Kernel | 2015-03-25 | 4.9 MEDIUM | N/A |
| The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 does not set a certain killable attribute, which allows local users to cause a denial of service (memory consumption) via a crafted application. | |||||
| CVE-2013-2899 | 1 Linux | 1 Linux Kernel | 2015-03-25 | 4.7 MEDIUM | N/A |
| drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device. | |||||