Lucene search

K

36 matches found

CVE
CVE
added 2015/07/20 11:59 p.m.1524 views

CVE-2015-3185

The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather than an authentication setting, which allows remote attackers to bypass intended access restrictions...

4.3CVSS6.6AI score0.06515EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.1108 views

CVE-2015-2590

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-4732.

10CVSS4.2AI score0.76849EPSS
CVE
CVE
added 2015/07/23 12:59 a.m.302 views

CVE-2015-1283

Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a relate...

6.8CVSS8.4AI score0.05699EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.160 views

CVE-2015-2721

Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attack...

4.3CVSS4.1AI score0.00516EPSS
CVE
CVE
added 2015/07/14 5:59 p.m.139 views

CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

7.8CVSS6.3AI score0.04798EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.133 views

CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

4CVSS4.6AI score0.00679EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.118 views

CVE-2015-4757

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier and 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

3.5CVSS4.6AI score0.00725EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.116 views

CVE-2015-2620

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

4.3CVSS4.4AI score0.00464EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.116 views

CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.6AI score0.00725EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.115 views

CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

4CVSS4.6AI score0.00501EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.108 views

CVE-2015-2739

The ArrayBufferBuilder::append function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00748EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.107 views

CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

4CVSS4.6AI score0.00725EPSS
CVE
CVE
added 2015/07/06 2:0 a.m.104 views

CVE-2015-2724

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code ...

10CVSS6.2AI score0.01739EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.104 views

CVE-2015-2738

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.102 views

CVE-2015-4737

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.

3.5CVSS4.4AI score0.00243EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.100 views

CVE-2015-2639

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Firewall.

3.5CVSS4.5AI score0.00323EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.98 views

CVE-2015-2734

The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D 9 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2015/07/14 5:59 p.m.98 views

CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a ...

4.3CVSS6.5AI score0.01493EPSS
CVE
CVE
added 2015/07/14 4:59 p.m.97 views

CVE-2015-3258

Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a small line size in a print job.

7.5CVSS8.1AI score0.10406EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.95 views

CVE-2015-2737

The rx::d3d11::SetBufferData function in the Direct3D 11 implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors.

10CVSS4.4AI score0.00945EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.93 views

CVE-2015-2740

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

10CVSS5AI score0.04143EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.92 views

CVE-2015-2735

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

9.3CVSS4.4AI score0.0272EPSS
CVE
CVE
added 2015/07/06 3:59 p.m.92 views

CVE-2015-3281

The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realign a buffer that is used for pending outgoing data, which allows remote attackers to obtain sensitive information (uninitialized memory contents of previous requests) via a crafted request.

5CVSS6AI score0.00094EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.87 views

CVE-2015-2736

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

9.3CVSS4.4AI score0.0272EPSS
CVE
CVE
added 2015/07/16 11:1 a.m.86 views

CVE-2015-4769

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4767.

3.5CVSS4.6AI score0.00822EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.84 views

CVE-2015-2661

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client.

2.1CVSS4.6AI score0.0012EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.83 views

CVE-2015-4761

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached.

3.5CVSS4.5AI score0.00661EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.77 views

CVE-2015-2641

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

3.5CVSS4.5AI score0.0072EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.75 views

CVE-2015-2611

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4CVSS4.5AI score0.0077EPSS
CVE
CVE
added 2015/07/16 11:0 a.m.73 views

CVE-2015-4767

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different vulnerability than CVE-2015-4769.

1.7CVSS4.6AI score0.00822EPSS
CVE
CVE
added 2015/07/16 10:59 a.m.72 views

CVE-2015-2617

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition.

6.5CVSS4.5AI score0.0066EPSS
CVE
CVE
added 2015/07/16 11:1 a.m.72 views

CVE-2015-4771

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to RBR.

3.5CVSS4.5AI score0.0072EPSS
CVE
CVE
added 2015/07/16 11:1 a.m.69 views

CVE-2015-4772

Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

4CVSS4.5AI score0.0077EPSS
CVE
CVE
added 2015/07/14 4:59 p.m.68 views

CVE-2015-3279

Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line size in a print job, which triggers a heap-based buffer overflow.

7.5CVSS8.1AI score0.1072EPSS
CVE
CVE
added 2015/07/01 2:59 p.m.67 views

CVE-2015-1330

unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which allows remote man-in-the-middle attackers to upload and execute arbitrary packages via unspecified vect...

6.8CVSS7.1AI score0.00087EPSS
CVE
CVE
added 2015/07/26 10:59 p.m.60 views

CVE-2015-1872

The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via craf...

6.8CVSS7AI score0.00725EPSS