Export limit exceeded: 365308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (365308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-1304 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2025-04-12 | N/A |
| object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call. | ||||
| CVE-2015-1305 | 2 Mcafee, Microsoft | 2 Data Loss Prevention Endpoint, Windows Xp | 2025-04-12 | N/A |
| McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 IOCTL call. | ||||
| CVE-2015-1306 | 1 Sympa | 1 Sympa | 2025-04-12 | N/A |
| The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | ||||
| CVE-2015-1307 | 1 Kde | 1 Plasma-workspace | 2025-04-12 | N/A |
| plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | ||||
| CVE-2015-1308 | 1 Kde | 2 Kde-workspace, Plasma-workspace | 2025-04-12 | N/A |
| kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked. | ||||
| CVE-2015-1309 | 1 Sap | 1 Netweaver Abap | 2025-04-12 | N/A |
| XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML request, related to ECATT_DISPLAY_XMLSTRING_REMOTE, aka SAP Note 2016638. | ||||
| CVE-2015-1310 | 1 Sybase | 1 Adaptive Server Enterprise | 2025-04-12 | N/A |
| SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2015-1311 | 1 Sap | 1 Hana Extended Application Services | 2025-04-12 | N/A |
| The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2015-1312 | 1 Sap | 1 Enterprise Resource Planning | 2025-04-12 | N/A |
| The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2015-1314 | 1 Usaa | 1 Mobile Banking | 2025-04-12 | N/A |
| The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | ||||
| CVE-2015-1315 | 2 Canonical, Info-zip | 2 Ubuntu Linux, Unzip | 2025-04-12 | N/A |
| Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string from CP866 to UTF-8. | ||||
| CVE-2015-1317 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | N/A |
| Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists. | ||||
| CVE-2015-1319 | 1 Canonical | 1 Ubuntu Linux | 2025-04-12 | N/A |
| The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. | ||||
| CVE-2015-1321 | 2 Canonical, Oxide Project | 2 Ubuntu Linux, Oxide | 2025-04-12 | N/A |
| Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage. | ||||
| CVE-2015-1322 | 2 Canonical, Ubuntu | 2 Ubuntu Linux, Network-manager | 2025-04-12 | N/A |
| Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or read arbitrary files via a .. (dot dot) in the file name in a request to read modem device contexts (com.canonical.NMOfono.ReadImsiContexts). | ||||
| CVE-2015-1356 | 1 Siemens | 1 Simatic Step 7 | 2025-04-12 | N/A |
| Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitrary authorization data via a modified file. | ||||
| CVE-2015-1328 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2025-04-12 | N/A |
| The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace. | ||||
| CVE-2015-1330 | 2 Canonical, Debian | 2 Ubuntu Linux, Unattended-upgrades | 2025-04-12 | N/A |
| unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vectors. | ||||
| CVE-2015-1331 | 1 Linuxcontainers | 1 Lxc | 2025-04-12 | N/A |
| lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | ||||
| CVE-2015-1365 | 1 Pixabay Images Project | 1 Pixabay Images | 2025-04-12 | N/A |
| Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter. | ||||