Total
416 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6592 | 1 Huawei | 2 Uap2105, Uap2105 Firmware | 2017-10-06 | 7.2 HIGH | 6.8 MEDIUM |
| Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | |||||
| CVE-2015-1158 | 1 Cups | 1 Cups | 2017-09-23 | 10.0 HIGH | N/A |
| The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. | |||||
| CVE-2015-3715 | 1 Apple | 1 Mac Os X | 2017-09-22 | 6.8 MEDIUM | N/A |
| The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library. | |||||
| CVE-2015-3714 | 1 Apple | 1 Mac Os X | 2017-09-22 | 5.0 MEDIUM | N/A |
| Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app. | |||||
| CVE-2015-3710 | 1 Apple | 2 Iphone Os, Mac Os X | 2017-09-22 | 4.3 MEDIUM | N/A |
| Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. | |||||
| CVE-2015-7225 | 1 Tinfoilsecurity | 1 Devise-two-factor | 2017-09-21 | 3.5 LOW | 5.3 MEDIUM |
| Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not "burn" a successfully validated one-time password (aka OTP), which allows remote or physically proximate attackers with a target user's login credentials to log in as said user by obtaining the OTP through performing a man-in-the-middle attack between the provider and verifier, or shoulder surfing, and replaying the OTP in the current time-step. | |||||
| CVE-2014-9634 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2017-09-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session. | |||||
| CVE-2014-9635 | 2 Apache, Jenkins | 2 Tomcat, Jenkins | 2017-09-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies. | |||||
| CVE-2013-5229 | 1 Apple | 2 Apple Remote Desktop, Mac Os X | 2017-09-14 | 3.7 LOW | N/A |
| The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. | |||||
| CVE-2015-7044 | 1 Apple | 1 Mac Os X | 2017-09-13 | 7.6 HIGH | N/A |
| The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root privileges. | |||||
| CVE-2015-0233 | 1 Fedoraproject | 1 389 Administration Server | 2017-09-08 | 4.6 MEDIUM | 4.2 MEDIUM |
| Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | |||||
| CVE-2015-0599 | 1 Cisco | 1 Unified Computing System | 2017-09-08 | 4.3 MEDIUM | N/A |
| The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. | |||||
| CVE-2014-6174 | 1 Ibm | 1 Websphere Application Server | 2017-09-08 | 4.3 MEDIUM | N/A |
| IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before 8.0.0.10, and 8.5.x before 8.5.5.4 allows remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2014-6076 | 1 Ibm | 2 Security Access Manager For Mobile, Security Access Manager For Web | 2017-09-08 | 4.3 MEDIUM | N/A |
| IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-2296 | 1 Meteocontrol | 4 Web\'log Basic 100, Web\'log Light, Web\'log Pro and 1 more | 2017-09-07 | 7.5 HIGH | 9.4 CRITICAL |
| Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not require authentication for "post-admin" login pages, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. | |||||
| CVE-2016-9111 | 1 Citrix | 1 Receiver Desktop | 2017-09-06 | 4.6 MEDIUM | 6.8 MEDIUM |
| Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection of a LAN cable. NOTE: as of 20161208, the vendor could not reproduce the issue, stating "the researcher was unable to provide us with information that would allow us to confirm the behaviour and, despite extensive investigation on test deployments of supported products, we were unable to reproduce the behaviour as he described. The researcher has also, despite additional requests for information, ceased to respond to us." | |||||
| CVE-2016-5306 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | |||||
| CVE-2016-4603 | 1 Apple | 1 Iphone Os | 2017-09-01 | 4.3 MEDIUM | 4.3 MEDIUM |
| Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | |||||
| CVE-2016-4215 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2017-09-01 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors. | |||||
| CVE-2016-3650 | 1 Symantec | 1 Endpoint Protection Manager | 2017-09-01 | 4.0 MEDIUM | 8.8 HIGH |
| Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows remote authenticated users to discover credentials via a brute-force attack. | |||||