The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2015-1200 | Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to bypass the intended access restrictions. | Low | Jan 26, 2015 |
CVE-2015-1199 | Directory traversal vulnerability in ppmd 10.1-5. | Medium | Sep 5, 2017 |
CVE-2015-1198 | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | Medium | Sep 6, 2017 |
CVE-2015-1197 | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive.<a href=http://cwe.mitre.org/data/definitions/61.html>CWE-61: UNIX Symbolic Link (Symlink) Following</a> | Low | Feb 20, 2015 |
CVE-2015-1196 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | Medium | Jan 23, 2015 |
CVE-2015-1195 | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-9493. | Medium | Jan 25, 2015 |
CVE-2015-1194 | pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | Medium | Jan 23, 2015 |
CVE-2015-1193 | Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | Medium | Jan 23, 2015 |
CVE-2015-1192 | Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. | Medium | Jan 23, 2015 |
CVE-2015-1191 | Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | Medium | Jan 23, 2015 |
CVE-2015-1188 | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors. | High | May 21, 2015 |
CVE-2015-1187 | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp. | HIGH | Sep 21, 2017 |
CVE-2015-1182 | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ASN.1 sequence in a certificate.<a href=http://cwe.mitre.org/data/definitions/824.html>CWE-824: Access of Uninitialized Pointer</a> | High | Jan 28, 2015 |
CVE-2015-1180 | Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet. | Medium | Jan 26, 2015 |
CVE-2015-1179 | Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2) dpxid, or (3) pid parameter. | Medium | Jan 26, 2015 |
CVE-2015-1178 | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id parameter. | Medium | Jan 26, 2015 |
CVE-2015-1177 | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. | Medium | Aug 31, 2017 |
CVE-2015-1176 | Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | Medium | Jan 26, 2015 |
CVE-2015-1175 | Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. | Medium | Jan 26, 2015 |
CVE-2015-1174 | Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. | High | Aug 7, 2017 |
CVE-2015-1173 | Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted received parameters. | High | Sep 17, 2015 |
CVE-2015-1172 | Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory.<a href=http://cwe.mitre.org/data/definitions/434.html>CWE-434: Unrestricted Upload of File with Dangerous Type</a> | High | Feb 12, 2015 |
CVE-2015-1171 | Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file. | HIGH | Aug 28, 2015 |
CVE-2015-1170 | The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a kernel administrator check, which allows local users to gain administrator privileges via unspecified API calls. | High | Mar 9, 2015 |
CVE-2015-1169 | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP authentication. | High | Feb 11, 2015 |
CVE-2015-1165 | RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | Medium | Mar 10, 2015 |
CVE-2015-1164 | Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.<a href=http://cwe.mitre.org/data/definitions/601.html>CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a> | Medium | Jan 23, 2015 |
CVE-2015-1160 | Rejected reason: This candidate is unused by its CNA. | -- | Nov 7, 2023 |
CVE-2015-1159 | A cross-site scripting bug in the CUPS templating engine allows this bug to be exploited when a user browses the web. This XSS is reachable in the default configuration for Linux instances of CUPS, and allows an attacker to bypass default configuration settings that bind the CUPS scheduler to the \'localhost\' or loopback interface. | MEDIUM | Jun 13, 2015 |
CVE-2015-1158 | Cupsd uses reference-counted strings with global scope. When parsing a print job request, cupsd over-decrements the reference count for a string from the request. As a result, an attacker can prematurely free an arbitrary string of global scope. They can use this to dismantle ACLs protecting privileged operations, and upload a replacement configuration file, and subsequently run arbitrary code on a target machine. | HIGH | Jun 13, 2015 |
CVE-2015-1157 | CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. | High | May 28, 2015 |
CVE-2015-1156 | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass the Same Origin Policy for a link's target, and spoof the user interface, via a crafted web site. | Medium | May 13, 2015 |
CVE-2015-1155 | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. | Medium | May 13, 2015 |
CVE-2015-1154 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. | Medium | May 13, 2015 |
CVE-2015-1153 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. | Medium | May 13, 2015 |
CVE-2015-1152 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. | Medium | May 13, 2015 |
CVE-2015-1151 | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | Medium | Apr 29, 2015 |
CVE-2015-1150 | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule blocking was intended. | Medium | Apr 29, 2015 |
CVE-2015-1149 | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type conversion. | High | Apr 14, 2015 |
CVE-2015-1148 | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | Medium | Apr 14, 2015 |
CVE-2015-1147 | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by sniffing the network. | Medium | Apr 14, 2015 |
CVE-2015-1146 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1145. | Low | Apr 14, 2015 |
CVE-2015-1145 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE-2015-1146. | Low | Apr 14, 2015 |
CVE-2015-1144 | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted Uniform Type Identifier. | High | Apr 14, 2015 |
CVE-2015-1143 | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted localized string, related to a type confusion issue.<a href=http://cwe.mitre.org/data/definitions/843.html>CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')</a> | High | Apr 14, 2015 |
CVE-2015-1142 | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | Low | Apr 14, 2015 |
CVE-2015-1141 | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | Medium | Apr 14, 2015 |
CVE-2015-1140 | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors. | High | Apr 14, 2015 |
CVE-2015-1139 | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted .sgi file. | Medium | Apr 14, 2015 |
CVE-2015-1138 | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | Medium | Apr 14, 2015 |