4423 matches found
CVE-2015-4538
CVE-2015-4538 affects the EMC Atmos XML parser, where XML External Entity (XXE) processing in the parser prior to 2.2.3.426 and 2.3.x prior to 2.3.1.0 allows remote authenticated users to read arbitrary files or trigger a denial of service via an external entity and entity reference. Root cause is XX...
CVE-2015-1516
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2015-5189
The vulnerability CVE-2015-5189 affects the pcsd component of PCS (pcsd web UI) in PCS versions up to 0.9.139. It is a race condition where a global username-validation variable can be exploited by an authenticated remote user to perform actions with higher privileges after another user is authen...
PT-2015-6793 · Pcs +2 · Pcs +2
Name of the Vulnerable Software and Affected Versions: PCS versions 0.9.139 and earlier
Description: A race condition exists in the pcsd web UI backend, allowing remote authenticated users to gain privileges by sending a command that is checked for security after another user is authenticated. Th...
Code injection
CheckMK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...
UBUNTU-CVE-2014-2332
CheckMK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330...
CVE-2015-6743
Basware Banking (Maksuliikenne) 8.90.07.X is affected by a hardcoded password vulnerability. The hardcoded credential allows remote authenticated users to bypass intended access restrictions by exploiting knowledge of the password. Public descriptions indicate the issue affects 8.90.07.X and earl...
CVE-2015-6742
CVE-2015-6742 affects Basware Banking (Maksuliikenne) prior to 8.90.07.X, where a hard-coded ANCO account password allows remote authenticated users to bypass access restrictions. The issue is documented across multiple sources (including CNVD-2015-05813) as a hard-coded-credential vulnerability ...
CVE-2015-3966
CVE-2015-3966 affects Innominate mGuard devices running firmware 8.x prior to 8.1.7. The vulnerability exists in the IPsec SA establishment process and can be triggered by a peer sending a crafted configuration with compression, leading to a denial-of-service (VPN service restart). Affected firmw...
CVE-2015-5405
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify data, or cause a denial of service via unspecified vectors...
Design/Logic Flaw
HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors...
CVE-2015-2139
HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5403...
PT-2015-3391 · Google +4 · Protobuf +4
Name of the Vulnerable Software and Affected Versions: protobuf affected versions not specified
Description: The issue is related to a heap-based buffer overflow that can be caused by remote authenticated attackers. It is associated with an error in handling an integer variable during the...
CVE-2015-5411
HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors...
mysql: unspecified vulnerability related to Server:Security:Encryption (CPU April 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption...
mysql: unspecified vulnerability related to Server:Optimizer (CPU April 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer...
mysql: unspecified vulnerability related to Server:DML (CPU July 2015)
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML...
Design/Logic Flaw
Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on arbitrary build pods via unspecified vectors...
CVE-2014-3612
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with an empty password and valid username, which triggers an unauthenticated bind. NOTE: this identifier...