Search Results (26340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-1308 1 Kde 2 Kde-workspace, Plasma-workspace 2025-04-12 N/A
kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locked.
CVE-2015-1306 1 Sympa 1 Sympa 2025-04-12 N/A
The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2015-1303 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.
CVE-2015-1300 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.
CVE-2015-1285 4 Debian, Google, Opensuse and 1 more 8 Debian Linux, Chrome, Opensuse and 5 more 2025-04-12 N/A
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.
CVE-2015-0922 1 Mcafee 1 Epolicy Orchestrator 2025-04-12 N/A
McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 uses the same secret key across different customers' installations, which allows attackers to obtain the administrator password by leveraging knowledge of the encrypted password.
CVE-2015-0902 1 Semperfiwebdesign 1 All In One Seo Pack 2025-04-12 N/A
The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attackers to obtain sensitive information by reading HTML source code.
CVE-2015-0851 1 Xmltooling Project 1 Xmltooling 2025-04-12 N/A
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of service (crash) via schema-invalid XML data.
CVE-2015-0850 1 Fusionforge 1 Fusionforge 2025-04-12 N/A
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
CVE-2015-0846 1 Django-markupfield Project 1 Django-markupfield 2025-04-12 N/A
django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors.
CVE-2015-0844 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2025-04-12 N/A
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
CVE-2015-0834 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: and stuns: URIs but accesses the TURN or STUN server without using TLS, which makes it easier for man-in-the-middle attackers to discover credentials by spoofing a server and completing a brute-force attack within a short time window.
CVE-2015-0800 2 Google, Mozilla 2 Android, Firefox 2025-04-12 N/A
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2012-2808.
CVE-2015-0799 3 Canonical, Mozilla, Opensuse 3 Ubuntu Linux, Firefox, Opensuse 2025-04-12 N/A
The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 allows man-in-the-middle attackers to bypass an intended X.509 certificate-verification step for an SSL server by specifying that server in the uri-host field of an Alt-Svc HTTP/2 response header.
CVE-2014-9900 2 Google, Linux 2 Android, Linux Kernel 2025-04-12 N/A
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.
CVE-2015-0770 1 Cisco 1 Telepresence Tc Software 2025-04-12 N/A
CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341.
CVE-2015-0764 1 Cisco 1 Unified Meetingplace 2025-04-12 N/A
Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603.
CVE-2015-0763 1 Cisco 1 Unified Meetingplace 2025-04-12 N/A
Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338.
CVE-2014-0868 1 Ibm 2 Algo Credit Limits, Algorithmics 2025-04-12 N/A
RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.
CVE-2015-0760 1 Cisco 1 Adaptive Security Appliance Software 2025-04-12 N/A
The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259.