Latest CVE Feed
- 2.1 LOW CVE-2015-1996
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information by leveraging an unattended workstation.
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2015-1995
Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-1994
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to...
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-1993
IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an ht...
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
- 6.5 MEDIUM CVE-2015-1989
SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
- 4.0 MEDIUM CVE-2015-7395
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 FP002 for SmartCloud Control Desk; and Maximo Asset Manag...
Affected Products: maximo_asset_management maximo_for_life_sciences maximo_for_nuclear_power maximo_for_oil_and_gas maximo_for_transportation maximo_for_utilities smartcloud_control_desk change_and_configuration_management_database maximo_for_government tivoli_asset_management_for_it +1 more products
- Published: Nov. 08, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-7254
Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attackers to read arbitrary files via a .. (dot dot) in an icon/ URI.
- Published: Nov. 07, 2015
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2015-6476
Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x devices with firmware before 1.98, and EKI-136x devices with firmware before 1.27 have hardcoded SSH keys, which makes it easier for remote attackers to obtain access via an SSH session.
Affected Products: eki-1321_series_firmware eki-1322_series_firmware eki-1361_series_firmware eki-1362_series_firmware eki-122x_series_firmware eki-1221 eki-1221d eki-1222 eki-1222d eki-1224 +4 more products
- Published: Nov. 07, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-8082
The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection mechanism by leveraging a contributed user authentication ...
Affected Products: login_disable
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-8081
The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block.
Affected Products: field_as_block
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-7809
The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template.
Affected Products: twig
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-7763
rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a...
Affected Products: openafs
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-7762
rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attackers to obtain sensitive information by (1) conducting a r...
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-6855
hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain IDE commands, as demonstrated by a WIN_READ_NATIVE_MAX c...
Affected Products: ubuntu_linux fedora debian_linux qemu linux_enterprise_server linux_enterprise_desktop eos
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-5225
Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspe...
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 4.0 MEDIUM CVE-2014-9749
Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest authentication is used, allow remote authenticated users to retain access by leveraging a stale nonce, aka "Nonce replay vulnerability."
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 4.3 MEDIUM CVE-2015-7697
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-7696
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 9.0 HIGH CVE-2015-7394
The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP G...
Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_edge_gateway +8 more products
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025
- 6.1 MEDIUM CVE-2015-6546
The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, and LTM 11.0.0 before 11.6.0, BIG-IP AAM 11.4.0 before 11.6.0, BIG-IP AFM and PEM 11.3.0 before 11.6.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.0.0 through 11.3.0, BIG-IP PSM 11...
Affected Products: big-ip_access_policy_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_application_acceleration_manager big-ip_application_security_manager big-ip_global_traffic_manager big-ip_link_controller big-ip_local_traffic_manager big-ip_policy_enforcement_manager big-ip_edge_gateway +3 more products
- Published: Nov. 06, 2015
- Modified: Apr. 12, 2025