2015-05-07
High
Low
High
2015-05-06
High
High
Low
Low
Low
Med.
Med.
Low
Med.
High
2015-05-05
Low
Med.
High
Med.
High
Med.
High

2015-05-02
CVE-2015-0714 Cisco Finesse
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

2015-05-01
CVE-2015-0532 EMC Rsa identity management and go...
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

CVE-2015-0712 Cisco Staros
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.

CVE-2015-0912 Kozos Easyctf
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors.

CVE-2015-0913 Kozos Easyctf
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0914 Kozos Easyctf
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.

CVE-2015-1243 Google Chrome
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object ...

CVE-2015-1250 Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-3598 Python Pillow
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361 Realtek Realtek sdk
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237 Redhat Enterprise virtualization mana...
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257 Redhat Enterprise virtualization mana...
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

CVE-2015-2248 DELL Sonicwall secure remote access...
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.

CVE-2015-3153 HAXX CURL
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

CVE-2015-3337 Elasticsearch Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2015-3435 Samsung Samsung security manager
Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.

CVE-2015-3446 Alienvault Unified security management
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).

CVE-2015-3632 Foxitsoftware Enterprise reader
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

CVE-2015-3633 Foxitsoftware Enterprise reader
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.

2015-04-29
CVE-2015-1321 Oxide project Oxide
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

Read More

 

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  
 
Full List of Vendors  

 

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  
 

Full List of Products  


Copyright 2015, cxsecurity.com