Total
3098 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-7265 | 1 Proxygen Project | 1 Proxygen | 2024-11-21 | N/A |
| Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. | ||||
| CVE-2015-7263 | 1 Proxygen Project | 1 Proxygen | 2024-11-21 | N/A |
| The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. | ||||
| CVE-2015-7244 | 1 Mobatek | 1 Mobaxterm | 2024-11-21 | N/A |
| The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attackers to execute arbitrary commands or obtain sensitive information via X11 packets. | ||||
| CVE-2015-7184 | 1 Mozilla | 1 Firefox | 2024-11-21 | N/A |
| The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP response body in certain situations where user credentials are supplied but the CORS cross-origin request algorithm is improperly followed, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
| CVE-2015-7055 | 1 Apple | 2 Iphone Os, Tvos | 2024-11-21 | N/A |
| AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | ||||
| CVE-2015-6984 | 1 Apple | 1 Mac Os X | 2024-11-21 | N/A |
| libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. | ||||
| CVE-2015-6933 | 1 Vmware | 4 Esxi, Fusion, Player and 1 more | 2024-11-21 | N/A |
| The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 allows Windows guest OS users to gain guest OS privileges or cause a denial of service (guest OS kernel memory corruption) via unspecified vectors. | ||||
| CVE-2015-6928 | 1 Cubecart | 1 Cubecart | 2024-11-21 | N/A |
| classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administrator password via a recovery request with a space character in the validate parameter and the administrator email in the email parameter. | ||||
| CVE-2015-6867 | 1 Hp | 1 Vertica | 2024-11-21 | N/A |
| The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | ||||
| CVE-2015-6862 | 1 Hp | 1 Ucmdb Browser | 2024-11-21 | N/A |
| HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | ||||
| CVE-2015-6851 | 1 Rsa | 1 Securid Web Agent | 2024-11-21 | N/A |
| EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. | ||||
| CVE-2015-6848 | 1 Emc | 1 Isilon Onefs | 2024-11-21 | N/A |
| EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD users to obtain root privileges via unspecified vectors. | ||||
| CVE-2015-6675 | 1 Siemens | 1 Ruggedcom Rugged Operating System | 2024-11-21 | N/A |
| Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP forwarding feature, which allows remote attackers to bypass a VLAN isolation protection mechanism via IP traffic. | ||||
| CVE-2015-6552 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-11-21 | N/A |
| The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to make arbitrary RPC calls via unspecified vectors. | ||||
| CVE-2015-6550 | 1 Veritas | 2 Netbackup, Netbackup Appliance | 2024-11-21 | N/A |
| bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through 2.6.1.2, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary commands via crafted input. | ||||
| CVE-2015-6478 | 1 Unitronics | 1 Visilogic Oplc Ide | 2024-11-21 | N/A |
| Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. | ||||
| CVE-2015-6366 | 1 Cisco | 1 Ios | 2024-11-21 | N/A |
| Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circumstances by using a tunnel, aka Bug ID CSCur01042. | ||||
| CVE-2015-6317 | 1 Cisco | 1 Identity Services Engine Software | 2024-11-21 | N/A |
| Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | ||||
| CVE-2015-6023 | 1 Netcommwireless | 2 Hspa 3g10wve, Hspa 3g10wve Firmware | 2024-11-21 | N/A |
| ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. | ||||
| CVE-2015-5960 | 1 Mozilla | 1 Firefox Os | 2024-11-21 | N/A |
| Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. | ||||