CVE List - 2015 / September
Showing 301 - 400 of 493 CVEs for September 2015 (Page 4 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-5903 | 2015-09-18 | The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and... |
| CVE-2015-5904 | 2015-09-18 | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted web site. |
| CVE-2015-5905 | 2015-09-18 | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. |
| CVE-2015-5906 | 2015-09-18 | The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote... |
| CVE-2015-5907 | 2015-09-18 | WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509... |
| CVE-2015-5909 | 2015-09-18 | IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances... |
| CVE-2015-5910 | 2015-09-18 | IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. |
| CVE-2015-5911 | 2015-09-18 | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. |
| CVE-2015-5912 | 2015-09-18 | The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. |
| CVE-2015-5916 | 2015-09-18 | The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. |
| CVE-2015-5920 | 2015-09-18 | The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. |
| CVE-2015-5921 | 2015-09-18 | WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-4638 | 2015-09-18 | The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator,... |
| CVE-2015-5274 | 2015-09-18 | rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. |
| CVE-2015-7239 | 2015-09-18 | SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2015-7237 | 2015-09-18 | Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. |
| CVE-2015-7238 | 2015-09-18 | The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information... |
| CVE-2015-6939 | 2015-09-18 | Cross-site scripting (XSS) vulnerability in the login module in Joomla! 3.4.x before 3.4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2015-7243 | 2015-09-18 | Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted WAV file. |
| CVE-2015-3962 | 2015-09-18 | Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the network. |
| CVE-2015-6294 | 2015-09-18 | Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka... |
| CVE-2015-6296 | 2015-09-18 | Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID... |
| CVE-2015-6297 | 2015-09-18 | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug... |
| CVE-2015-6456 | 2015-09-18 | GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 have hardcoded credentials for a support account, which allows remote attackers to obtain administrative access, and consequently execute arbitrary... |
| CVE-2015-6459 | 2015-09-18 | Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or delete arbitrary... |
| CVE-2015-6932 | 2015-09-18 | VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2015-6460 | 2015-09-18 | Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. |
| CVE-2015-4304 | 2015-09-20 | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains,... |
| CVE-2015-4305 | 2015-09-20 | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains,... |
| CVE-2015-4306 | 2015-09-20 | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a... |
| CVE-2015-4307 | 2015-09-20 | The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID... |
| CVE-2015-5638 | 2015-09-20 | Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL. |
| CVE-2015-6284 | 2015-09-20 | Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices allows... |
| CVE-2015-6295 | 2015-09-20 | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via... |
| CVE-2015-6299 | 2015-09-20 | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug... |
| CVE-2015-6300 | 2015-09-20 | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI... |
| CVE-2015-6301 | 2015-09-20 | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug... |
| CVE-2015-5632 | 2015-09-20 | The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API... |
| CVE-2015-5633 | 2015-09-20 | The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. |
| CVE-2015-5634 | 2015-09-20 | The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. |
| CVE-2015-5635 | 2015-09-20 | The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. |
| CVE-2015-5636 | 2015-09-20 | The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. |
| CVE-2015-5637 | 2015-09-20 | The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. |
| CVE-2014-9227 | 2015-09-20 | Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified... |
| CVE-2014-9228 | 2015-09-20 | sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition. |
| CVE-2014-9229 | 2015-09-20 | Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging... |
| CVE-2015-5689 | 2015-09-20 | ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-extend operations before array-element... |
| CVE-2015-5690 | 2015-09-20 | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging... |
| CVE-2015-5691 | 2015-09-20 | Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary... |
| CVE-2015-5692 | 2015-09-20 | admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with... |
| CVE-2015-5693 | 2015-09-20 | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffic capture." |
| CVE-2015-6547 | 2015-09-20 | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. |
| CVE-2015-6548 | 2015-09-20 | Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute... |
| CVE-2015-2864 | 2015-09-21 | Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attackers to... |
| CVE-2015-2914 | 2015-09-21 | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf of any device, which... |
| CVE-2015-2915 | 2015-09-21 | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain... |
| CVE-2015-2916 | 2015-09-21 | Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. |
| CVE-2015-2917 | 2015-09-21 | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking... |
| CVE-2015-5991 | 2015-09-21 | Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication... |
| CVE-2015-5992 | 2015-09-21 | Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script... |
| CVE-2015-5993 | 2015-09-21 | Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service (device... |
| CVE-2015-7296 | 2015-09-21 | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a linear algorithm for selecting the ID value in the header of a DNS query... |
| CVE-2015-5603 | 2015-09-21 | The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability." |
| CVE-2015-6238 | 2015-09-21 | Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex,... |
| CVE-2015-6749 | 2015-09-21 | Buffer overflow in the aiff_open function in oggenc/audio.c in vorbis-tools 1.4.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted AIFF file. |
| CVE-2015-6923 | 2015-09-21 | The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. |
| CVE-2015-6938 | 2015-09-21 | Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or... |
| CVE-2015-7303 | 2015-09-21 | Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. |
| CVE-2015-7304 | 2015-09-21 | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. |
| CVE-2015-7305 | 2015-09-21 | The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "debug... |
| CVE-2015-7306 | 2015-09-21 | The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access administration... |
| CVE-2015-7307 | 2015-09-21 | Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration... |
| CVE-2015-5567 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5568 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5570 | 2015-09-22 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-5571 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5572 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5573 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5574 | 2015-09-22 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-5575 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5576 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5577 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5578 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5579 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5580 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5581 | 2015-09-22 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-5582 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-5584 | 2015-09-22 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-5587 | 2015-09-22 | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK... |
| CVE-2015-5588 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-6676 | 2015-09-22 | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-6677 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-6678 | 2015-09-22 | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-6679 | 2015-09-22 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe... |
| CVE-2015-6682 | 2015-09-22 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before... |
| CVE-2015-6940 | 2015-09-22 | The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict... |
| CVE-2015-7310 | 2015-09-22 | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before 9.5.0MR7 allow remote authenticated users to execute... |
| CVE-2015-7309 | 2015-09-22 | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file... |
| CVE-2015-4476 | 2015-09-24 | Mozilla Firefox before 41.0 on Android allows user-assisted remote attackers to spoof address-bar attributes by leveraging lack of navigation after a paste of a URL with a nonstandard scheme, as... |
| CVE-2015-4500 | 2015-09-24 | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and... |