Search

Search Results (366374 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-4244 1 Cisco 1 Asr 5000 Series Software 2025-04-12 N/A
The boot implementation on Cisco ASR 5000 and 5500 devices with software 14.0 allows local users to execute arbitrary Linux commands by leveraging administrative privileges for storage of these commands in a Compact Flash (CF) file, aka Bug ID CSCuu75278.
CVE-2015-4252 1 Cisco 1 Telepresence Isdn Gw 3241 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90724.
CVE-2015-4253 1 Cisco 1 Telepresence Serial Gateway 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90728.
CVE-2015-4254 1 Cisco 1 Telepresence Advanced Media Gateway 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90732.
CVE-2015-4255 1 Cisco 1 Telepresence Ip Gateway 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90734.
CVE-2015-4256 1 Cisco 1 Telepresence Ip Vcr 3.0 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90736.
CVE-2015-3447 1 Sonicwall 1 Sonicos 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.
CVE-2015-3448 2 Redhat, Rest-client Project 4 Cloudforms Managementengine, Satellite, Satellite Capsule and 1 more 2025-04-12 N/A
REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log.
CVE-2015-3449 1 Sap 1 Afaria 2025-04-12 N/A
The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: write) for the install folder, which allows local users to gain privileges via a Trojan horse XeService.exe file.
CVE-2015-3451 5 Canonical, Debian, Fedoraproject and 2 more 5 Ubuntu Linux, Debian Linux, Fedora and 2 more 2025-04-12 N/A
The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
CVE-2015-3455 4 Fedoraproject, Oracle, Redhat and 1 more 5 Fedora, Linux, Solaris and 2 more 2025-04-12 N/A
Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.
CVE-2015-3456 3 Qemu, Redhat, Xen 7 Qemu, Enterprise Linux, Enterprise Virtualization and 4 more 2025-04-12 N/A
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
CVE-2015-3457 1 Magento 1 Magento 2025-04-12 N/A
Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter.
CVE-2015-3458 1 Magento 1 Magento 2025-04-12 N/A
The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a template path, which allows remote administrators to include and execute arbitrary PHP files via the phar:// stream wrapper, related to the setScriptPath function. NOTE: it is not clear whether this issue crosses privilege boundaries, since administrators might already have privileges to include arbitrary files.
CVE-2015-3459 1 Hospira 3 Lifecare Pca3, Lifecare Pca5, Lifecare Pcainfusion Firmware 2025-04-12 N/A
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
CVE-2015-3610 1 Siemens 1 Homecontrol For Room Automation 2025-04-12 N/A
The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information or modify data via a crafted certificate.
CVE-2015-3620 1 Fortinet 2 Fortianalyzer Firmware, Fortimanager Firmware 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2015-3621 1 Sap 1 Enterprise Central Component 2025-04-12 N/A
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program.
CVE-2015-3622 4 Fedoraproject, Gnu, Opensuse and 1 more 4 Fedora, Libtasn1, Opensuse and 1 more 2025-04-12 N/A
The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate.
CVE-2015-3623 1 Qlik 1 Qlikview 2025-04-12 N/A
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.