Weekly Vulnerabilities Reports > April 13 to 19, 2015
Overview
195 new vulnerabilities were reported during this period, including 45 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 153 products from 44 vendors including Oracle, Microsoft, Suse, Opensuse, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Resource Management Errors", "Permissions, Privileges, and Access Controls", "Information Exposure", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 169 reported vulnerabilities are remotely exploitable.
- 7 reported vulnerabilities have a public exploit available.
- 29 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 153 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 78 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 32 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
45 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-04-16 | CVE-2015-0491 | Oracle Suse Opensuse | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0459. | 10.0 |
2015-04-16 | CVE-2015-0469 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
2015-04-16 | CVE-2015-0459 | Oracle Novell Opensuse | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2015-0491. | 10.0 |
2015-04-14 | CVE-2015-3042 | Adobe Linux Apple Microsoft Opensuse Suse Redhat | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-3041 | Adobe Linux Redhat Apple Microsoft Opensuse Suse | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-3039 | Redhat Adobe Linux Opensuse Suse Apple Microsoft | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-0358. | 10.0 |
2015-04-14 | CVE-2015-3038 | Adobe Linux Apple Microsoft Redhat Opensuse Suse | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-2113 | HP | Remote Code Execution vulnerability in HP Easy Tools 3.0.1 Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary code via unknown vectors. | 10.0 |
2015-04-14 | CVE-2015-0360 | Adobe Linux Redhat Apple Microsoft Opensuse Suse | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0359 | Adobe Apple Microsoft Linux | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346. | 10.0 |
2015-04-14 | CVE-2015-0358 | Opensuse Suse Adobe Linux Redhat Apple Microsoft | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0351, and CVE-2015-3039. | 10.0 |
2015-04-14 | CVE-2015-0356 | Adobe Linux Apple Microsoft | Remote Code Execution vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion." [CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')](http://cwe.mitre.org/data/definitions/843.html) | 10.0 |
2015-04-14 | CVE-2015-0355 | Adobe Linux Opensuse Suse Apple Microsoft Redhat | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0354 | Adobe Linux Apple Microsoft Opensuse Suse Redhat | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0353 | Adobe Linux Opensuse Suse Apple Microsoft Redhat | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0352 | Adobe Apple Microsoft Redhat Linux Opensuse Suse | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0351 | Adobe Apple Microsoft Opensuse Suse Linux Redhat | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039. | 10.0 |
2015-04-14 | CVE-2015-0350 | Adobe Linux Apple Microsoft Opensuse Suse Redhat | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0349 | Adobe Apple Microsoft Redhat Opensuse Suse Linux | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0351, CVE-2015-0358, and CVE-2015-3039. | 10.0 |
2015-04-14 | CVE-2015-0348 | Redhat Adobe Apple Microsoft Linux Opensuse Suse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2015-04-14 | CVE-2015-0347 | Adobe Linux Opensuse Suse Redhat Apple Microsoft | Memory Corruption vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, CVE-2015-3042, and CVE-2015-3043. | 10.0 |
2015-04-14 | CVE-2015-0346 | Redhat Opensuse Suse Adobe Apple Microsoft Linux | Remote Code Execution vulnerability in Adobe Flash Player APSB15-06 Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0359. | 10.0 |
2015-04-14 | CVE-2015-1635 | Microsoft | Code Injection vulnerability in Microsoft products HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability." | 10.0 |
2015-04-14 | CVE-2015-2788 | Debian | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Debian Dbd-Firebird and Debian Linux Multiple stack-based buffer overflows in the ib_fill_isqlda function in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have unspecified impact via unknown vectors that trigger an error condition, related to binding octets to columns. | 10.0 |
2015-04-14 | CVE-2014-9488 | Opensuse GNU | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read. | 10.0 |
2015-04-14 | CVE-2015-3043 | Adobe Opensuse Novell Redhat | Out-of-bounds Write vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in April 2015, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3042. | 9.8 |
2015-04-17 | CVE-2015-0691 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Desktop A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001. | 9.3 |
2015-04-16 | CVE-2015-0492 | Suse Opensuse Oracle | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0484. | 9.3 |
2015-04-16 | CVE-2015-0460 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 9.3 |
2015-04-14 | CVE-2015-1668 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11 Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2015-04-14 | CVE-2015-1667 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2015-04-14 | CVE-2015-1666 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1652. | 9.3 |
2015-04-14 | CVE-2015-1665 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1662. | 9.3 |
2015-04-14 | CVE-2015-1662 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1659 and CVE-2015-1665. | 9.3 |
2015-04-14 | CVE-2015-1660 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 9 Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2015-04-14 | CVE-2015-1659 | Microsoft | Remote Memory Corruption vulnerability in Microsoft Internet Explorer 11 Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1662 and CVE-2015-1665. | 9.3 |
2015-04-14 | CVE-2015-1657 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer 10/11/9 Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | 9.3 |
2015-04-14 | CVE-2015-1652 | Microsoft | Resource Management Errors vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1666. | 9.3 |
2015-04-14 | CVE-2015-1651 | Microsoft | Use After Free Remote Code Execution vulnerability in Microsoft Office Compatibility Pack, Word and Word Viewer Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) | 9.3 |
2015-04-14 | CVE-2015-1650 | Microsoft | Use After Free Remote Code Execution vulnerability in Microsoft Office Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) | 9.3 |
2015-04-14 | CVE-2015-1649 | Microsoft | Use After Free Remote Code Execution vulnerability in Microsoft Office Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps Server 2010 SP2 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Component Use After Free Vulnerability." [CWE-416: Use After Free](http://cwe.mitre.org/data/definitions/416.html) | 9.3 |
2015-04-14 | CVE-2015-1645 | Microsoft | Code Injection vulnerability in Microsoft products Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) image, aka "EMF Processing Remote Code Execution Vulnerability." | 9.3 |
2015-04-13 | CVE-2015-2846 | Bittorrent | Command Injection vulnerability in Bittorrent Sync BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | 9.3 |
2015-04-16 | CVE-2015-0457 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-2629. | 9.0 |
2015-04-14 | CVE-2015-2112 | HP | Privilege Escalation vulnerability in HP Easy Tools 3.0.1 Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors. | 9.0 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-04-13 | CVE-2015-0675 | Cisco | Improper Access Control vulnerability in Cisco Adaptive Security Appliance Software The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication messages, which allows remote attackers to reconfigure an ASA device, and consequently obtain administrative control, by sending crafted UDP packets over the local network to the failover interface, aka Bug ID CSCur21069. | 8.3 |
2015-04-17 | CVE-2015-0695 | Cisco | Resource Management Errors vulnerability in Cisco IOS XR Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, QoS, or an ACL is configured, does not properly handle bridge-group virtual interface (BVI) traffic, which allows remote attackers to cause a denial of service (chip and card hangs and reloads) by triggering use of a BVI interface for IPv4 packets, aka Bug ID CSCur62957. | 7.8 |
2015-04-14 | CVE-2015-1641 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, and Office Web Apps Server 2010 SP2 and 2013 SP1 allow remote attackers to execute arbitrary code via a crafted RTF document, aka "Microsoft Office Memory Corruption Vulnerability." | 7.8 |
2015-04-16 | CVE-2015-0458 | Oracle Novell Opensuse | Unspecified vulnerability in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 7.6 |
2015-04-13 | CVE-2015-2775 | Canonical Debian Redhat GNU | Path Traversal vulnerability in multiple products Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. | 7.6 |
2015-04-19 | CVE-2015-3335 | Google Opensuse | Permissions, Privileges, and Access Controls vulnerability in Google Chrome The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox. | 7.5 |
2015-04-19 | CVE-2015-3333 | Google Debian Canonical | Security vulnerability in Google V8 Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
2015-04-18 | CVE-2015-0968 | Searchblox | Unspecified vulnerability in Searchblox Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the image/jpeg content type, a different vulnerability than CVE-2013-3590. | 7.5 |
2015-04-17 | CVE-2015-0845 | Sixapart | Code Injection vulnerability in Sixapart Movabletype Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related to localization of templates. | 7.5 |
2015-04-16 | CVE-2015-0495 | Oracle | Unspecified vulnerability in Oracle Commerce Guided Search and Experience Manager Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Workbench. | 7.5 |
2015-04-16 | CVE-2013-7439 | X ORG Canonical Debian | Numeric Errors vulnerability in multiple products Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen macros in include/X11/Xlibint.h in X11R6.x and libX11 before 1.6.0 allow remote attackers to have unspecified impact via a crafted request, which triggers a buffer overflow. | 7.5 |
2015-04-14 | CVE-2014-8360 | Glpi Project | Path Traversal vulnerability in Glpi-Project Glpi Directory traversal vulnerability in inc/autoload.function.php in GLPI before 0.84.8 allows remote attackers to include and execute arbitrary local files via a .._ (dot dot underscore) in an item type to the getItemForItemtype, as demonstrated by the itemtype parameter in ajax/common.tabs.php. | 7.5 |
2015-04-14 | CVE-2014-9145 | Fiyo | SQL Injection vulnerability in Fiyo CMS 2.0.1.8 Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an edit action to dapur/index.php; (2) cat, (3) user, or (4) level parameter to dapur/apps/app_article/controller/article_list.php; or (5) email parameter in an email action or (6) username parameter in a user action to dapur/apps/app_user/controller/check_user.php. | 7.5 |
2015-04-17 | CVE-2015-1318 | Apport Project | Permissions, Privileges, and Access Controls vulnerability in Apport Project Apport The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | 7.2 |
2015-04-17 | CVE-2015-0530 | EMC | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Networker Buffer overflow in an unspecified function in nsr_render_log in EMC NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before 8.2.1.2 allows local users to gain privileges via unknown vectors. | 7.2 |
2015-04-16 | CVE-2015-2577 | Oracle | Local Security vulnerability in Oracle Solaris 10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands. | 7.2 |
2015-04-16 | CVE-2015-0448 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system. | 7.2 |
2015-04-15 | CVE-2015-1898 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1897. | 7.2 |
2015-04-15 | CVE-2015-1897 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM Tivoli Storage Manager Fastback Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1898. | 7.2 |
2015-04-15 | CVE-2015-0693 | Cisco | Improper Input Validation vulnerability in Cisco web Security Appliance 8.5Base Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 do not properly restrict use of the pickle Python module during certain tunnel-status checks, which allows local users to execute arbitrary Python code and gain privileges via a crafted pickle file, aka Bug ID CSCut39259. | 7.2 |
2015-04-14 | CVE-2015-1644 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows MS-DOS Device Name Vulnerability." | 7.2 |
2015-04-14 | CVE-2015-1643 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "NtCreateTransactionManager Type Confusion Vulnerability." | 7.2 |
2015-04-14 | CVE-2015-0098 | Microsoft | Remote Privilege Escalation vulnerability in Microsoft Windows Task Scheduler Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability." [CWE-701: Weaknesses Introduced During Design](https://cwe.mitre.org/data/definitions/701.html) | 7.2 |
2015-04-14 | CVE-2015-2831 | DAS Watchdog Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in DAS Watchdog Project DAS Watchdog 0.9.0 Buffer overflow in das_watchdog 0.9.0 allows local users to execute arbitrary code with root privileges via a large string in the XAUTHORITY environment variable. | 7.2 |
2015-04-16 | CVE-2015-2578 | Oracle | Remote Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. | 7.1 |
2015-04-13 | CVE-2015-2942 | Mediawiki | Resource Management Errors vulnerability in Mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an (1) SVG file or (2) XMP metadata in a PDF file, aka a "billion laughs attack," a different vulnerability than CVE-2015-2937. | 7.1 |
2015-04-13 | CVE-2015-2937 | Mediawiki | Resource Management Errors vulnerability in Mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) via an XML file containing an entity declaration with long replacement text and many references to this entity, a different vulnerability than CVE-2015-2942. | 7.1 |
2015-04-13 | CVE-2015-2936 | Mediawiki | Resource Management Errors vulnerability in Mediawiki 1.24.0/1.24.1 MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. | 7.1 |
2015-04-16 | CVE-2015-0461 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.5/11.1.1.7 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Authentication Engine. | 7.0 |
96 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-04-18 | CVE-2015-0970 | Searchblox | Cross-Site Request Forgery (CSRF) vulnerability in Searchblox Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2015-04-17 | CVE-2015-0700 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Secure Access Control Server Solution Engine 5.4.0.46.6/5.5.0.36/5.5.0.46.4 Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.5(0.46.5) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924. | 6.8 |
2015-04-16 | CVE-2015-0484 | Oracle Suse Opensuse | Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX 2.2.76, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-0492. | 6.8 |
2015-04-16 | CVE-2015-0455 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. | 6.8 |
2015-04-15 | CVE-2015-0907 | Lhaplus | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Lhaplus Buffer overflow in Lhaplus before 1.70 allows remote attackers to execute arbitrary code via a crafted archive. | 6.8 |
2015-04-14 | CVE-2015-2114 | HP Microsoft | 7PK - Security Features vulnerability in HP Support Solution Framework 11.51.0027 HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | 6.8 |
2015-04-13 | CVE-2015-2940 | Mediawiki | Cross-Site Request Forgery (CSRF) vulnerability in Mediawiki Checkuser Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. | 6.8 |
2015-04-16 | CVE-2015-2570 | Oracle | Remote Security vulnerability in Oracle Demand Planning Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security. | 6.5 |
2015-04-16 | CVE-2015-0482 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 12.1.2.0.0/12.1.3.0.0 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.2.0 and 12.1.3.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices. | 6.0 |
2015-04-16 | CVE-2015-0480 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. | 5.8 |
2015-04-15 | CVE-2015-0906 | Lhaplus | Path Traversal vulnerability in Lhaplus Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | 5.8 |
2015-04-15 | CVE-2015-0697 | Cisco | Open Redirect vulnerability in Cisco Telepresence TC Software Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka Bug ID CSCuq94980. | 5.8 |
2015-04-14 | CVE-2015-1638 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2012 R2 Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka "Active Directory Federation Services Information Disclosure Vulnerability." | 5.8 |
2015-04-16 | CVE-2015-0501 | Juniper Oracle Debian Canonical Mariadb Redhat Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. | 5.7 |
2015-04-17 | CVE-2015-1856 | Openstack Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-versions-location container. | 5.5 |
2015-04-16 | CVE-2015-0476 | Oracle | Remote Security vulnerability in Oracle SQL Trace Analyzer 12.1.10 Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2015-04-18 | CVE-2015-0969 | Searchblox | Information Exposure vulnerability in Searchblox SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | 5.0 |
2015-04-17 | CVE-2015-0938 | Blue Coat | Information Exposure vulnerability in Blue Coat Malware Analysis Appliance search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents, by providing matching keywords in conjunction with a crafted parameter. | 5.0 |
2015-04-16 | CVE-2015-3323 | Lenovo | Improper Input Validation vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of service (web interface crash) via a malformed HTTP request during authentication. | 5.0 |
2015-04-16 | CVE-2015-3322 | Lenovo | Cryptographic Issues vulnerability in Lenovo products Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwords via unspecified vectors. | 5.0 |
2015-04-16 | CVE-2015-2568 | Oracle Debian Canonical Mariadb Redhat Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges. | 5.0 |
2015-04-16 | CVE-2015-0488 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. | 5.0 |
2015-04-16 | CVE-2015-0486 | Oracle Opensuse | Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | 5.0 |
2015-04-16 | CVE-2015-0464 | Oracle | Remote Security vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote attackers to affect confidentiality via unknown vectors related to Security. | 5.0 |
2015-04-16 | CVE-2015-0449 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.3.6/12.1.1/12.1.2.0.0 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console. | 5.0 |
2015-04-16 | CVE-2015-0440 | Oracle | Remote Security vulnerability in Oracle Right NOW Service Cloud 8.2.3.10.1/8.4.7.2 Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Information Manager Console. | 5.0 |
2015-04-16 | CVE-2015-3319 | Hotspotexpress | Information Exposure vulnerability in Hotspotexpress Hotex Billing Manager 73.0 Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | 5.0 |
2015-04-15 | CVE-2015-0699 | Cisco | SQL Injection vulnerability in Cisco Unified Communications Domain Manager 10.5(1.98991.13) SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut21563. | 5.0 |
2015-04-14 | CVE-2015-3044 | Redhat Novell Opensuse Adobe Apple Microsoft Linux | Information Exposure vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 5.0 |
2015-04-14 | CVE-2015-3040 | Redhat Adobe Linux Opensuse Suse Apple Microsoft | Information Exposure vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. | 5.0 |
2015-04-14 | CVE-2015-0357 | Adobe Linux Apple Microsoft | Information Exposure vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. | 5.0 |
2015-04-14 | CVE-2015-0844 | Wesnoth Fedoraproject | Information Exposure vulnerability in multiple products The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | 5.0 |
2015-04-14 | CVE-2014-5032 | Glpi Project | Permissions, Privileges, and Access Controls vulnerability in Glpi-Project Glpi GLPI before 0.84.7 does not properly restrict access to cost information, which allows remote attackers to obtain sensitive information via the cost criteria in the search bar. | 5.0 |
2015-04-13 | CVE-2015-2935 | Mediawiki | Information Exposure vulnerability in Mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style element in an SVG file, as demonstrated by "@imporT." | 5.0 |
2015-04-16 | CVE-2015-2575 | Debian Suse Mysql | Remote Security vulnerability in Oracle MySQL Connectors Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J. | 4.9 |
2015-04-16 | CVE-2015-0490 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 6.1.3.0 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BAS - Base Component. | 4.9 |
2015-04-16 | CVE-2015-2572 | Oracle Microsoft | Local Security vulnerability in Oracle Hyperion Smart View for Office Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | 4.6 |
2015-04-16 | CVE-2015-0471 | Oracle | Local Security vulnerability in Oracle Solaris 10/11.2 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. | 4.4 |
2015-04-19 | CVE-2015-3336 | Google Debian Opensuse | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL. | 4.3 |
2015-04-19 | CVE-2015-3334 | Google Debian Opensuse | Code vulnerability in Google Chrome browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. | 4.3 |
2015-04-18 | CVE-2015-0967 | Searchblox | Cross-site Scripting vulnerability in Searchblox Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the title field in the Create Featured Result form in admin/main.jsp. | 4.3 |
2015-04-17 | CVE-2015-0937 | Blue Coat | Cross-site Scripting vulnerability in Blue Coat Malware Analysis Appliance Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-04-16 | CVE-2015-3324 | Lenovo | Cryptographic Issues vulnerability in Lenovo Thinkserver System Manager Baseboard Management Controller Firmware 118.71532 The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "encrypted remote KVM session," which allows man-in-the-middle attackers to spoof servers. | 4.3 |
2015-04-16 | CVE-2015-2565 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance. | 4.3 |
2015-04-16 | CVE-2015-0510 | Oracle | Remote Security vulnerability in Oracle Commerce Platform 10.0/10.2/9.4 Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Application Framework - HTML Admin User Interface. | 4.3 |
2015-04-16 | CVE-2015-0509 | Oracle | Remote Security vulnerability in Oracle Hyperion 11.1.2.2/11.1.2.3 Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analysis. | 4.3 |
2015-04-16 | CVE-2015-0502 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework. | 4.3 |
2015-04-16 | CVE-2015-0497 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise Portal Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows remote attackers to affect integrity via unknown vectors related to Enterprise Portal. | 4.3 |
2015-04-16 | CVE-2015-0494 | Oracle | Remote Security vulnerability in Oracle Retail Central Office Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2015-04-16 | CVE-2015-0478 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect confidentiality via vectors related to JCE. | 4.3 |
2015-04-16 | CVE-2015-0477 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity via unknown vectors related to Beans. | 4.3 |
2015-04-16 | CVE-2015-0473 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5/12.1.0.6 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control MOS 12.1.0.5 and 12.1.0.6 allows remote attackers to affect integrity via unknown vectors related to My Oracle Support Plugin. | 4.3 |
2015-04-16 | CVE-2015-0470 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect integrity via unknown vectors related to Hotspot. | 4.3 |
2015-04-16 | CVE-2015-0466 | Oracle | Remote Security vulnerability in Oracle Retail Back Office Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2015-04-16 | CVE-2015-0456 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.8.0 Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Portlet Services. | 4.3 |
2015-04-16 | CVE-2015-0452 | Oracle | Remote Security vulnerability in Oracle VM Server 3.1/3.2 Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote attackers to affect confidentiality via unknown vectors related to Ldom Manager. | 4.3 |
2015-04-16 | CVE-2015-0450 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.8.0 Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application. | 4.3 |
2015-04-16 | CVE-2015-0447 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Configurator DMZ rules. | 4.3 |
2015-04-15 | CVE-2015-0698 | Cisco | Cross-site Scripting vulnerability in Cisco web Security Appliance Multiple cross-site scripting (XSS) vulnerabilities in filter search forms in admin web pages on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut39213. | 4.3 |
2015-04-15 | CVE-2015-0696 | Cisco | Cross-site Scripting vulnerability in Cisco Telepresence TC Software Cross-site scripting (XSS) vulnerability in the login page in Cisco TC Software before 7.1.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuq94977. | 4.3 |
2015-04-15 | CVE-2015-0345 | Adobe | Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0 Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-04-14 | CVE-2015-1661 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Internet Explorer Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." | 4.3 |
2015-04-14 | CVE-2015-1653 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | 4.3 |
2015-04-14 | CVE-2015-1646 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft XML Core Services 3.0 Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka "MSXML3 Same Origin Policy SFB Vulnerability." | 4.3 |
2015-04-14 | CVE-2015-1640 | Microsoft | Cross-site Scripting vulnerability in Microsoft Project Server 2010/2013 Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability." | 4.3 |
2015-04-14 | CVE-2015-1639 | Microsoft | Cross-site Scripting vulnerability in Microsoft Office 2011 Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Outlook App for Mac XSS Vulnerability." | 4.3 |
2015-04-14 | CVE-2015-2926 | Zoneo Soft | Cross-site Scripting vulnerability in Zoneo-Soft PHPtraffica 2.2.1/2.3 Cross-site scripting (XSS) vulnerability in Php/stats/statsRecent.inc.php in phpTrafficA 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header to index.php. | 4.3 |
2015-04-14 | CVE-2015-2781 | Hotspot Express | Cross-site Scripting vulnerability in Hotspot Express Hotex Billing Manager 73 Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi in Hotspot Express hotEx Billing Manager 73 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | 4.3 |
2015-04-14 | CVE-2015-2223 | Palo Alto Networks | Cross-site Scripting vulnerability in Palo Alto Networks Traps 3.1.2.1546 Multiple cross-site scripting (XSS) vulnerabilities in the web-based console management interface in Palo Alto Networks Traps (formerly Cyvera Endpoint Protection) 3.1.2.1546 allow remote attackers to inject arbitrary web script or HTML via the (1) Arguments, (2) FileName, or (3) URL parameter in a SOAP request. | 4.3 |
2015-04-14 | CVE-2014-9146 | Fiyo | Cross-site Scripting vulnerability in Fiyo CMS 2.0.1.8 Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. | 4.3 |
2015-04-13 | CVE-2015-2941 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to inject arbitrary web script or HTML via an invalid parameter in a wddx format request to api.php, which is not properly handled in an error message, related to unsafe calls to wddx_serialize_value. | 4.3 |
2015-04-13 | CVE-2015-2939 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Scribunto Cross-site scripting (XSS) vulnerability in the Scribunto extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via a function name, which is not properly handled in a Lua error backtrace. | 4.3 |
2015-04-13 | CVE-2015-2938 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when previewing the file. | 4.3 |
2015-04-13 | CVE-2015-2934 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 does not properly handle when the Zend interpreter xml_parse function does not expand entities, which allows remote attackers to inject arbitrary web script or HTML via a crafted SVG file. | 4.3 |
2015-04-13 | CVE-2015-2933 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in the Html class in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a LanguageConverter substitution string when using a language variant. | 4.3 |
2015-04-13 | CVE-2015-2932 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an animated href XLink element. | 4.3 |
2015-04-13 | CVE-2015-2931 | Mediawiki | Cross-site Scripting vulnerability in Mediawiki Incomplete blacklist vulnerability in includes/upload/UploadBase.php in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via an application/xml MIME type for a nested SVG with a data: URI. | 4.3 |
2015-04-13 | CVE-2015-0840 | Debian Canonical | Improper Access Control vulnerability in multiple products The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc). | 4.3 |
2015-04-13 | CVE-2014-9714 | | Cross-site Scripting vulnerability in Facebook Hiphop Virtual Machine Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function. | 4.3 |
2015-04-16 | CVE-2015-2573 | Oracle Mariadb Canonical Debian Suse Redhat | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | 4.0 |
2015-04-16 | CVE-2015-2571 | Oracle Debian Mariadb Canonical Suse Redhat | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | 4.0 |
2015-04-16 | CVE-2015-0508 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-0506. | 4.0 |
2015-04-16 | CVE-2015-0503 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | 4.0 |
2015-04-16 | CVE-2015-0500 | Oracle Suse | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2015-04-16 | CVE-2015-0496 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors related to PIA Search Functionality. | 4.0 |
2015-04-16 | CVE-2015-0487 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0472. | 4.0 |
2015-04-16 | CVE-2015-0483 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
2015-04-16 | CVE-2015-0479 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.3/11.2.0.4/12.1.0.1 Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2015-04-16 | CVE-2015-0475 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1 Unspecified vulnerability in the JD Edwards EnterpriseOne Technology component in Oracle JD Edwards Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Runtime Security. | 4.0 |
2015-04-16 | CVE-2015-0465 | Oracle | Remote Security vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure. | 4.0 |
2015-04-16 | CVE-2015-0463 | Oracle | Remote Security vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2015-04-16 | CVE-2015-0462 | Oracle | Remote Security vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2015-04-16 | CVE-2015-0441 | Oracle Debian Canonical Redhat Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption. | 4.0 |
2015-04-16 | CVE-2015-0439 | Suse Novell Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability than CVE-2015-4756. | 4.0 |
2015-04-16 | CVE-2015-0433 | Oracle Debian Canonical Redhat Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | 4.0 |
2015-04-14 | CVE-2015-3293 | Fortinet | Information Exposure vulnerability in Fortinet Fortimail FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | 4.0 |

25 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-04-16 | CVE-2015-2567 | Oracle Novell | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. | 3.5 |
2015-04-16 | CVE-2015-0507 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | 3.5 |
2015-04-16 | CVE-2015-0506 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB, a different vulnerability than CVE-2015-0508. | 3.5 |
2015-04-16 | CVE-2015-0505 | Suse Oracle Mariadb Debian Canonical Redhat | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | 3.5 |
2015-04-16 | CVE-2015-0499 | Oracle Debian Canonical Suse Redhat Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated. | 3.5 |
2015-04-16 | CVE-2015-0485 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 3.5 |
2015-04-16 | CVE-2015-0472 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology, a different vulnerability than CVE-2015-0487. | 3.5 |
2015-04-16 | CVE-2015-0451 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 3.004 Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 3.0-04 allows remote authenticated users to affect confidentiality via vectors related to OpenSSO Web Agents. | 3.5 |
2015-04-14 | CVE-2014-9311 | Shareaholic | Cross-site Scripting vulnerability in Shareaholic Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php. | 3.5 |
2015-04-16 | CVE-2013-4866 | Lixil | Security vulnerability in My SATIS for Android The LIXIL Corporation My SATIS Genius Toilet application for Android has a hardcoded Bluetooth PIN, which allows physically proximate attackers to trigger physical resource consumption (water or heat) or user discomfort. | 3.3 |
2015-04-16 | CVE-2015-0453 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL. | 3.3 |
2015-04-16 | CVE-2015-2566 | Novell Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 2.8 |
2015-04-16 | CVE-2015-0511 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | 2.8 |
2015-04-16 | CVE-2015-0504 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Error Messages. | 2.6 |
2015-04-14 | CVE-2015-1648 | Microsoft | Data Processing Errors vulnerability in Microsoft .Net Framework ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-file information via a crafted request, aka "ASP.NET Information Disclosure Vulnerability." | 2.6 |
2015-04-16 | CVE-2015-3320 | Lenovo | Information Exposure vulnerability in Lenovo USB Enhanced Performance Keyboard Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | 2.1 |
2015-04-16 | CVE-2015-1314 | Usaa | Information Exposure vulnerability in Usaa Mobile Banking 7.10 The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain banking account numbers and balances. | 2.1 |
2015-04-16 | CVE-2015-2579 | Oracle | Local Security vulnerability in Oracle Health Sciences Applications 8.0 Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer. | 2.1 |
2015-04-16 | CVE-2015-2576 | Suse Oracle | Local Security vulnerability in Oracle MySQL Utilities Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. | 2.1 |
2015-04-16 | CVE-2015-2574 | Oracle | Local Security vulnerability in Oracle Solaris 10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities. | 2.1 |
2015-04-14 | CVE-2015-1647 | Microsoft | Improper Input Validation vulnerability in Microsoft Windows 8.1 and Windows Server 2012 Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka "Windows Hyper-V DoS Vulnerability." | 2.1 |
2015-04-16 | CVE-2015-0498 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. | 1.7 |
2015-04-16 | CVE-2015-0493 | Oracle | Local Heap Buffer Overflow vulnerability in Oracle Fusion Middleware 8.4.1/8.5.0/8.5.1 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474. | 1.5 |
2015-04-16 | CVE-2015-0474 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.4.1/8.5.0/8.5.1 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0493. | 1.5 |
2015-04-16 | CVE-2015-0489 | Oracle | Local Security vulnerability in Oracle E-Business Suite Application Management Pack 121020/121030 Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via vectors related to EBS Plugin. | 1.2 |