4423 matches found
CVE-2015-1822
chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and daemon crash) or possibly execute arbitrary code via a large number of...
DEBIAN-CVE-2015-1821
Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the...
UBUNTU-CVE-2015-0441
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Encryption...
UBUNTU-CVE-2015-0433
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML...
CVE-2015-0251
The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via crafted v1 HTTP protocol request sequences...
CVE-2015-3030
CVE-2015-3030 affects McAfee Advanced Threat Defense (MATD) web interface prior to version 3.4.4.63. The vulnerability allows remote authenticated users to obtain sensitive configuration information via unspecified vectors (information disclosure). Impact is limited to disclosure of configuration...
CVE-2015-3028
The CVE-2015-3028 entry affects McAfee Advanced Threat Defense (MATD) versions prior to 3.4.4.63. The issue allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters, indicating an access-control weakness that enables conf...
CVE-2015-2823
Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC TIA Portal 13 SP1 Upd2, SIMATIC HMI Comfort Panels before WinCC TIA Portal 13 SP1 Upd2, SIMATIC WinCC Runtime Advanced before WinCC TIA Portal 13 SP1 Upd2, SIMATIC WinCC Runtime Professional before WinCC TIA Portal 13 SP1 Upd2, SIMATIC...
CVE-2014-5405
Hospira MedNet before 6.1 uses a hardcoded cleartext password to control SQL database authorization, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge of this password...
Code injection
Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168...
CVE-2015-0682
Cisco Unified Communications Domain Manager 8.1(4) is affected by CVE-2015-0682 (Bug CSCup90168). The issue allows an authenticated, remote attacker to execute arbitrary code by visiting a deprecated page, as described in Cisco’s advisory Cisco-SA-20150331-CVE-2015-0682. Connected documents corro...
Code injection
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574...
CVE-2015-0687
Cisco Catalyst 4500 devices running Cisco IOS 15.1(2)SG4 with a single-switch VSS configuration are vulnerable to an SNMP polling DoS (device crash) when an authenticated remote user polls SNMP. Root cause is described as an issue in the SNMP implementation; exact condition is not fully detailed i...
CVE-2015-0687
The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of service (device crash) by performing SNMP polling, aka Bug ID CSCuq04574...
CVE-2014-9713
CVE-2014-9713 affects the OpenLDAP package in Debian where the default slapd configuration allows an authenticated remote user to modify their own permissions and other user attributes via unspecified vectors. The issue stems from an unsafe/default access-control setup, enabling attribute manipula...
CVE-2014-9713
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors...
Code injection
Unspecified vulnerability in Powershell Operations in HP Operations Orchestration 9.x and 10.x allows remote authenticated users to obtain sensitive information via unknown vectors...
Code injection
Cisco Unified Call Manager (CM) 9.12.1000.28 does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq44439...
CVE-2015-2757
The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corruption) via unspecified vectors...
CVE-2015-0673
Cisco Mobility Services Engine (MSE) 8.0110.0 allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bug ID CSCut24792...