2015-05-04
Med.
Med.
High
Low
High
Med.
2015-05-03
High
High
2015-05-01
High
Med.
High
2015-04-30
Med.
Med.
Med.
Med.
High
High
Low
Med.
2015-04-29
Med.

2015-05-02
CVE-2015-0714 Cisco Finesse
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

2015-05-01
CVE-2015-0532 EMC Rsa identity management and go...
EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the reset process for an arbitrary valid account name, as demonstrated by a privileged account.

CVE-2015-0712 Cisco Staros
The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malformed HTTP packets, aka Bug ID CSCud14217.

CVE-2015-0912 Kozos Easyctf
EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors.

CVE-2015-0913 Kozos Easyctf
Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVE-2015-0914 Kozos Easyctf
EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request.

CVE-2015-1243 Google Chrome
Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object ...

CVE-2015-1250 Google Chrome
Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-3598 Python Pillow
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2015-2248 DELL Sonicwall secure remote access...
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.

CVE-2015-3153 HAXX CURL
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.

CVE-2015-3337 Elasticsearch Elasticsearch
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.

CVE-2015-3435 Samsung Samsung security manager
Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.

CVE-2015-3446 Alienvault Unified security management
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).

CVE-2015-3632 Foxitsoftware Enterprise reader
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.

CVE-2015-3633 Foxitsoftware Enterprise reader
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures.

2015-04-29
CVE-2015-1321 Oxide project Oxide
Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted webpage.

CVE-2015-1322 Ubuntu Network-manager
Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0ubuntu7.1 allows local users to change the modem device configuration or ready arbitrary files via a .. (dot dot) in the file name in a request to read ...

CVE-2015-3026 XIPH Icecast
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

CVE-2015-3447 DELL Sonicwall sonicos
Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchSpoof or (2) searchSpoofIpDet parameter.

Read More

 

Top Vendors:

Apple   Microsoft   Google   Oracle   Apache   IBM   Red Hat   HP   Adobe   Mozilla  
 
Full List of Vendors  

 

Top Products:

Linux Kernel   Mac OS X   Windows XP   Windows 7   Flash Player   Adobe Reader   PHP   JRE   JDK  
Wordpress   Joomla   Chrome   IE   Firefox   Safari   HTTPD   Tomcat   Nginx  
 

Full List of Products  


Copyright 2015, cxsecurity.com