Search for vulnerabilities


CVE-ID
Description
CVSS-Score
V2
V3
CVE-2015-1171 Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.

10.0

None

CVE-2015-1170 The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 before 347.52 does not properly validate local client impersonation levels when performing a "kernel administrator check," wh...

7.2

None

CVE-2015-1169 Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid password to bypass LDAP au...

7.5

None

CVE-2015-1165 RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors.

5.0

None

CVE-2015-1164 Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash sla...

4.3

None

CVE-2015-1159 Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter t...

4.3

None

CVE-2015-1158 The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption f...

10.0

None

CVE-2015-1157 CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifica...

7.8

None

CVE-2015-1156 The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remote attackers to bypass...

4.3

None

CVE-2015-1155 The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site...

4.3

None

CVE-2015-1154 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted...

6.8

None

CVE-2015-1153 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted...

6.8

None

CVE-2015-1152 WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted...

6.8

None

CVE-2015-1151 Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client.

5.0

None

CVE-2015-1150 The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for which custom-rule block...

5.0

None

CVE-2015-1149 Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorrect result of a type c...

7.5

None

CVE-2015-1148 Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file.

5.0

None

CVE-2015-1147 Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitive information by snif...

5.0

None

CVE-2015-1146 The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE...

1.9

None

CVE-2015-1145 The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different vulnerability than CVE...

1.9

None