CVE List - 2015 / May
Showing 1 - 100 of 410 CVEs for May 2015 (Page 1 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-0532 | 2015-05-01 | EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use... |
| CVE-2015-0712 | 2015-05-01 | The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via... |
| CVE-2015-0912 | 2015-05-01 | EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. |
| CVE-2015-0913 | 2015-05-01 | Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-0914 | 2015-05-01 | EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. |
| CVE-2015-1243 | 2015-05-01 | Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service... |
| CVE-2015-1250 | 2015-05-01 | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| CVE-2014-3598 | 2015-05-01 | The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image. |
| CVE-2015-0237 | 2015-05-01 | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial... |
| CVE-2015-0257 | 2015-05-01 | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to... |
| CVE-2015-2248 | 2015-05-01 | Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack... |
| CVE-2015-3153 | 2015-05-01 | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information... |
| CVE-2015-3337 | 2015-05-01 | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors. |
| CVE-2015-3435 | 2015-05-01 | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. |
| CVE-2015-3446 | 2015-05-01 | The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg). |
| CVE-2015-3632 | 2015-05-01 | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file. |
| CVE-2015-3633 | 2015-05-01 | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. |
| CVE-2015-0714 | 2015-05-02 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID... |
| CVE-2015-0531 | 2015-05-07 | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. |
| CVE-2015-0538 | 2015-05-07 | ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 allows remote attackers to execute arbitrary commands via crafted packets. |
| CVE-2015-0701 | 2015-05-07 | Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961. |
| CVE-2015-0715 | 2015-05-07 | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug IDs CSCut33447... |
| CVE-2015-0716 | 2015-05-07 | Cross-site request forgery (CSRF) vulnerability in the CUCReports page in Cisco Unity Connection 11.0(0.98000.225) and 11.0(0.98000.332) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut33659. |
| CVE-2015-3610 | 2015-05-07 | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2015-1152 | 2015-05-08 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption... |
| CVE-2015-1153 | 2015-05-08 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption... |
| CVE-2015-1154 | 2015-05-08 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption... |
| CVE-2015-1155 | 2015-05-08 | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read... |
| CVE-2015-1156 | 2015-05-08 | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element,... |
| CVE-2014-0919 | 2015-05-08 | IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users... |
| CVE-2015-1907 | 2015-05-08 | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. |
| CVE-2014-9716 | 2015-05-08 | Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via a file name. |
| CVE-2015-2347 | 2015-05-08 | Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to... |
| CVE-2015-3011 | 2015-05-08 | Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server Community Edition before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allow remote authenticated users to inject arbitrary... |
| CVE-2015-3012 | 2015-05-08 | Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font... |
| CVE-2015-3013 | 2015-05-08 | ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8... |
| CVE-2015-3294 | 2015-05-08 | The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial... |
| CVE-2014-8616 | 2015-05-12 | Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.2.x before 5.2.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) user group or... |
| CVE-2014-8618 | 2015-05-12 | Cross-site scripting (XSS) vulnerability in the theme login page in Fortinet FortiADC D models before 4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-8619 | 2015-05-12 | Cross-site scripting (XSS) vulnerability in the autolearn configuration page in Fortinet FortiWeb 5.1.2 through 5.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-9326 | 2015-05-12 | The automatic signature update functionality in the (1) Phone Home feature in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, GTM, and Link Controller 11.5.0 through 11.6.0, ASM 10.0.0 through 11.6.0,... |
| CVE-2015-1858 | 2015-05-12 | Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash)... |
| CVE-2015-1859 | 2015-05-12 | Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash)... |
| CVE-2015-1860 | 2015-05-12 | Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault) and possibly... |
| CVE-2015-1880 | 2015-05-12 | Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-2170 | 2015-05-12 | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
| CVE-2015-2219 | 2015-05-12 | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the... |
| CVE-2015-2221 | 2015-05-12 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. |
| CVE-2015-2222 | 2015-05-12 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. |
| CVE-2015-2233 | 2015-05-12 | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a... |
| CVE-2015-2234 | 2015-05-12 | Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to... |
| CVE-2015-2668 | 2015-05-12 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. |
| CVE-2015-2829 | 2015-05-12 | Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via... |
| CVE-2015-2842 | 2015-05-12 | Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a... |
| CVE-2015-2843 | 2015-05-12 | Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the... |
| CVE-2015-2844 | 2015-05-12 | The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. |
| CVE-2015-2845 | 2015-05-12 | The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. |
| CVE-2015-3451 | 2015-05-12 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to... |
| CVE-2015-3620 | 2015-05-12 | Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 through 5.2.1 allows... |
| CVE-2015-3622 | 2015-05-12 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. |
| CVE-2015-3646 | 2015-05-12 | OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading... |
| CVE-2015-3978 | 2015-05-12 | SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. |
| CVE-2015-3979 | 2015-05-12 | Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. |
| CVE-2015-3980 | 2015-05-12 | SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. |
| CVE-2015-3981 | 2015-05-12 | SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. |
| CVE-2014-9160 | 2015-05-13 | Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code via unknown vectors. |
| CVE-2015-1658 | 2015-05-13 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-1670 | 2015-05-13 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via... |
| CVE-2015-1672 | 2015-05-13 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in... |
| CVE-2015-1673 | 2015-05-13 | The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allow user-assisted remote attackers to execute arbitrary code via... |
| CVE-2015-1674 | 2015-05-13 | The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local... |
| CVE-2015-1675 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1676 | 2015-05-13 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold... |
| CVE-2015-1677 | 2015-05-13 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold... |
| CVE-2015-1678 | 2015-05-13 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold... |
| CVE-2015-1679 | 2015-05-13 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold... |
| CVE-2015-1680 | 2015-05-13 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold... |
| CVE-2015-1681 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1682 | 2015-05-13 | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Office 2013 RT SP1, Excel... |
| CVE-2015-1683 | 2015-05-13 | Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." |
| CVE-2015-1684 | 2015-05-13 | VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via... |
| CVE-2015-1685 | 2015-05-13 | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." |
| CVE-2015-1686 | 2015-05-13 | The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass... |
| CVE-2015-1688 | 2015-05-13 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." |
| CVE-2015-1689 | 2015-05-13 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-1691 | 2015-05-13 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-1692 | 2015-05-13 | Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerability." |
| CVE-2015-1694 | 2015-05-13 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-1695 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1696 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1697 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1698 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1699 | 2015-05-13 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1... |
| CVE-2015-1700 | 2015-05-13 | Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content,... |
| CVE-2015-1702 | 2015-05-13 | The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... |
| CVE-2015-1703 | 2015-05-13 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1704. |
| CVE-2015-1704 | 2015-05-13 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-1703. |
| CVE-2015-1705 | 2015-05-13 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-1706 | 2015-05-13 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-1708 | 2015-05-13 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |