Uncategorized CVEs — 2015 (Page 5/23)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2015-10-21

Medium

CVE-2015-4862

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 4.0CWE: N/A

Low

CVE-2015-4861

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS: 3.5CWE: N/A

Critical

CVE-2015-4860

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI…

CVSS: 10.0CWE: N/A

Medium

CVE-2015-4859

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integ…

CVSS: 5.8CWE: N/A

Medium

CVE-2015-4858

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerabi…

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4857

Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS: 5.5CWE: N/A

Medium

CVE-2015-4856

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unkn…

CVSS: 4.9CWE: N/A

Medium

CVE-2015-4854

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vect…

CVSS: 4.3CWE: N/A

Medium

CVE-2015-4851

Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and avai…

CVSS: 6.8CWE: N/A

Medium

CVE-2015-4850

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors re…

CVSS: 5.5CWE: N/A

Medium

CVE-2015-4849

Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and a…

CVSS: 6.8CWE: N/A

Medium

CVE-2015-4848

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown v…

CVSS: 5.0CWE: N/A

Medium

CVE-2015-4847

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related…

CVSS: 4.3CWE: N/A

Low

CVE-2015-4846

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentia…

CVSS: 3.6CWE: N/A

Medium

CVE-2015-4845

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality…

CVSS: 4.3CWE: N/A

Critical

CVE-2015-4844

CVSS: 10.0CWE: N/A

Critical

CVE-2015-4843

CVSS: 10.0CWE: N/A

Medium

CVE-2015-4842

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP.

CVSS: 5.0CWE: N/A

Medium

CVE-2015-4841

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Servi…

CVSS: 4.3CWE: N/A

Medium

CVE-2015-4840

Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D.

CVSS: 5.0CWE: N/A

Critical

CVE-2015-4839

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 10.0CWE: N/A

Medium

CVE-2015-4838

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors…

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4837

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security.

CVSS: 6.6CWE: N/A

Low

CVE-2015-4836

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP.

CVSS: 2.8CWE: N/A

Critical

CVE-2015-4835

CVSS: 10.0CWE: N/A

Low

CVE-2015-4834

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones.

CVSS: 3.7CWE: N/A

Medium

CVE-2015-4833

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition.

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4832

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM…

CVSS: 4.3CWE: N/A

Medium

CVE-2015-4831

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822.

CVSS: 4.9CWE: N/A

Medium

CVE-2015-4830

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Pri…

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4828

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via vectors related to FIN Resource…

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4827

Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors r…

CVSS: 6.4CWE: N/A

Medium

CVE-2015-4826

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types.

CVSS: 4.0CWE: N/A

Low

CVE-2015-4825

Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related…

CVSS: 3.5CWE: N/A

Low

CVE-2015-4824

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Secu…

CVSS: 2.1CWE: N/A

Low

CVE-2015-4823

Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deplo…

CVSS: 1.2CWE: N/A

Low

CVE-2015-4822

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831.

CVSS: 1.2CWE: N/A

Critical

CVE-2015-4821

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, an…

CVSS: 9.3CWE: N/A

Medium

CVE-2015-4820

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnera…

CVSS: 6.2CWE: N/A

High

CVE-2015-4819

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to C…

CVSS: 7.2CWE: N/A

Medium

CVE-2015-4818

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors r…

CVSS: 5.5CWE: N/A

Medium

CVE-2015-4817

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver.

CVSS: 6.2CWE: N/A

Medium

CVE-2015-4816

Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4815

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.

CVSS: 4.0CWE: N/A

Low

CVE-2015-4813

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users…

CVSS: 2.1CWE: N/A

Low

CVE-2015-4812

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

CVSS: 2.6CWE: N/A

Low

CVE-2015-4811

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In…

CVSS: 1.5CWE: N/A

Medium

CVE-2015-4810

Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS: 6.9CWE: N/A

Low

CVE-2015-4809

CVSS: 1.5CWE: N/A

Low

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors relat…

CVSS: 3.5CWE: N/A

Medium

CVE-2015-4806

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

CVSS: 6.4CWE: N/A

Critical

CVE-2015-4805

CVSS: 10.0CWE: N/A

Medium

CVE-2015-4804

Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via un…

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4803

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different v…

CVSS: 5.0CWE: N/A

Medium

CVE-2015-4802

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition,…

CVSS: 4.0CWE: N/A

Low

CVE-2015-4801

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.

CVSS: 2.1CWE: N/A

Medium

CVE-2015-4800

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4799

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related…

CVSS: 4.3CWE: N/A

Critical

CVE-2015-4798

CVSS: 10.0CWE: N/A

Low

CVE-2015-4797

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.

CVSS: 3.5CWE: N/A

Critical

CVE-2015-4796

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, in…

CVSS: 9.0CWE: N/A

High

CVE-2015-4795

Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 7.5CWE: N/A

Critical

CVE-2015-4794

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability…

CVSS: 9.0CWE: N/A

Medium

CVE-2015-4793

Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors…

CVSS: 4.3CWE: N/A

Low

CVE-2015-4792

CVSS: 1.7CWE: N/A

Low

CVE-2015-4791

Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.

CVSS: 3.5CWE: N/A

Low

CVE-2015-4766

Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.

CVSS: 1.9CWE: N/A

Medium

CVE-2015-4762

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related…

CVSS: 4.0CWE: N/A

Medium

CVE-2015-4734

Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.

CVSS: 5.0CWE: N/A

Medium

CVE-2015-4730

Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.

CVSS: 4.0CWE: N/A

Medium

CVE-2015-2642

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip.

CVSS: 4.4CWE: N/A

Low

CVE-2015-2633

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and…

CVSS: 3.6CWE: N/A

Critical

CVE-2015-2608

Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and…

CVSS: 10.0CWE: N/A

Medium

CVE-2015-1829

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unkno…

CVSS: 5.0CWE: N/A

Medium

CVE-2015-5954

The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users…

CVSS: 4.0CWE: N/A

High

CVE-2015-4717

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote…

CVSS: 7.8CWE: CWE-399

Medium

CVE-2015-7823

Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th…

CVSS: 5.8CWE: N/A

2015-10-19

Medium

CVE-2015-7863

The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended No…

CVSS: 5.0CWE: CWE-254

Medium

CVE-2015-7862

Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote a…

CVSS: 5.0CWE: CWE-264

Critical

CVE-2015-7861

Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment…

CVSS: 10.0CWE: CWE-264

High

CVE-2015-7752

The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2…

CVSS: 7.8CWE: CWE-399

Medium

CVE-2015-7751

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 befor…

CVSS: 6.9CWE: CWE-264

Medium

CVE-2015-7833

The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of serv…

CVSS: 4.9CWE: CWE-17

Medium

CVE-2015-7799

The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL po…

CVSS: 4.9CWE: N/A

Medium

CVE-2015-6937

The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have u…

CVSS: 4.9CWE: N/A

Low

CVE-2015-6252

The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that trig…

CVSS: 2.1CWE: CWE-399

Medium

CVE-2015-0275

The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.

CVSS: 4.9CWE: CWE-17

2015-10-18

Medium

CVE-2015-6482

Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request.

CVSS: 5.0CWE: N/A

Medium

CVE-2015-6846

EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption keys, which makes it easier for attackers to obtain access by examining how a program's code conducts cryptographic operations.

CVSS: 6.8CWE: CWE-255

High

CVE-2015-6845

EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID.

CVSS: 7.5CWE: N/A

Critical

CVE-2015-7648

Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2.202.540 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type conf…

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7647

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7642

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before…

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7641

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7640

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7639

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7638

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7637

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7636

CVSS: 10.0CWE: N/A

Critical

CVE-2015-7635

CVSS: 10.0CWE: N/A

2015-10-16

Critical

CVE-2015-7856

OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attackers to obtain access by leveraging knowledge of the credentials.

CVSS: 10.0CWE: CWE-255

High

CVE-2015-1814

The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.

CVSS: 7.5CWE: CWE-264

Medium

CVE-2015-1810

The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote…

CVSS: 4.6CWE: CWE-264

Medium

CVE-2015-1806

The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code o…

CVSS: 6.5CWE: CWE-264

High

CVE-2014-6451

J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.

CVSS: 7.8CWE: N/A

Medium

CVE-2014-6449

Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R…

CVSS: 5.0CWE: CWE-399

Medium

CVE-2015-6333

Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

CVSS: 4.6CWE: CWE-264

Medium

CVE-2015-4948

netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVSS: 6.9CWE: CWE-264

High

CVE-2013-7445

The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a deni…

CVSS: 7.8CWE: CWE-399

2015-10-15

High

CVE-2015-7840

The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature.

CVSS: 7.5CWE: CWE-264

High

CVE-2015-7834

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknow…

CVSS: 7.5CWE: N/A

High

CVE-2015-7645

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF f…

CVSS: 7.8CWE: N/A

High

CVE-2015-6763

Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 7.5CWE: N/A

High

CVE-2015-6762

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the…

CVSS: 7.5CWE: CWE-254

High

CVE-2015-6760

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attack…

CVSS: 7.5CWE: CWE-17

Medium

CVE-2015-6758

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, w…

CVSS: 6.8CWE: CWE-17

High

CVE-2015-6757

Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a…

CVSS: 7.5CWE: N/A

Medium

CVE-2015-6756

Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of s…

CVSS: 6.8CWE: N/A

High

CVE-2015-6755

The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent…

CVSS: 7.5CWE: CWE-264

Critical

CVE-2015-7644

CVSS: 10.0CWE: N/A