CVE Daily
← All years

Uncategorized 2015

Page 6/23.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2015-10-15
Critical

CVE-2015-7643

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-7631

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-7629

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before…

CVSS: 9.3CWE: N/A
Read more
2015-10-14
Medium

CVE-2015-7623

The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-7620

The ANSendForBrowserReview method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-7616

The ANVerifyComments method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Con…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-7614

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6725

The ANSendForSharedReview method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader D…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6724

The ANSendForApproval method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6723

The ANTrustPropagateAll method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6722

The CBSharedReviewStatusDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Rea…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6721

The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat R…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6720

The ANRunSharedReviewEmailStep method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Rea…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6719

The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Read…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6718

The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6717

The DynamicAnnotStore method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6716

The ANSendForFormDistribution method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Read…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6715

The Function apply implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6714

The Function bind implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader D…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2015-6713

The Function call implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader D…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2015-6712

The ANSendApprovalToAuthorEnabled method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6711

The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Con…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6710

The CBBBRInit method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6709

The CBBBRInvite method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuo…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6708

The ANStartApproval method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Cont…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-6707

The ANSendForReview method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Cont…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2015-5569

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-7371

Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2015-6051

Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-6047

The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an…

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2015-6044

Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevati…

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2015-2558

Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pac…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-2555

Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2015-2554

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2015-2553

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandl…

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2015-2552

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows physically proximate attackers to bypass the Trusted Boot protection me…

CVSS: 7.2CWE: CWE-254
Read more
High

CVE-2015-2550

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows l…

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2015-2548

Use-after-free vulnerability in the Tablet Input Band in Windows Shell in Microsoft Windows Vista SP2 and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "…

CVSS: 9.3CWE: N/A
Read more
2015-10-13
Medium

CVE-2015-6332

Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830.

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2015-6315

Cisco Aironet 1850 access points with software 8.1(112.4) allow local users to gain privileges via crafted CLI commands, aka Bug ID CSCuv79694.

CVSS: 7.2CWE: CWE-264
Read more
2015-10-12
Medium

CVE-2015-6322

The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-…

CVSS: 6.6CWE: CWE-264
Read more
Medium

CVE-2015-4325

The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2015-4265

Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C…

CVSS: 4.9CWE: CWE-399
Read more
Critical

CVE-2015-2342

The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitr…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-6263

The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers,…

CVSS: 6.3CWE: CWE-399
Read more
High

CVE-2015-4548

EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.

CVSS: 7.2CWE: CWE-264
Read more
2015-10-09
Critical

CVE-2015-7766

PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as…

CVSS: 9.0CWE: CWE-264
Read more
Critical

CVE-2015-7765

ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2015-7760

libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by…

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2015-5922

Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-5915

Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.

CVSS: 5.0CWE: CWE-17
Read more
Medium

CVE-2015-5914

The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted cod…

CVSS: 4.7CWE: CWE-17
Read more
Medium

CVE-2015-5902

The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.

CVSS: 4.9CWE: N/A
Read more
High

CVE-2015-5900

The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes t…

CVSS: 7.1CWE: CWE-254
Read more
Medium

CVE-2015-5897

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.

CVSS: 4.6CWE: CWE-264
Read more
Medium

CVE-2015-5894

The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it…

CVSS: 4.3CWE: CWE-17
Read more
High

CVE-2015-5889

rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2015-5888

The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2015-5887

The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent,…

CVSS: 10.0CWE: CWE-17
Read more
Medium

CVE-2015-5849

The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leverag…

CVSS: 6.8CWE: CWE-264
Read more
High

CVE-2015-5833

The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unatt…

CVSS: 7.2CWE: CWE-254
Read more
Low

CVE-2015-3785

The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

CVSS: 1.9CWE: N/A
Read more
2015-10-08
Medium

CVE-2015-6311

Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), 7.3(101.0), and 7.4(1.19) allow remote attackers to cause a denial of service (device outage) by sending malformed 802.11i manage…

CVSS: 6.1CWE: CWE-399
Read more
Medium

CVE-2015-6310

The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request,…

CVSS: 5.0CWE: CWE-399
Read more
2015-10-06
Medium

CVE-2015-7718

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2015-7717

mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2…

CVSS: 9.3CWE: CWE-264
Read more
High

CVE-2015-7600

Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the Applica…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2015-6607

SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586.

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2015-6606

The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signatu…

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2015-6605

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability th…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2015-6596

mediaserver in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bugs 20731946 and 20719651, a different vulnerability than CVE-2015-7717.

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2015-3879

Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325.

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2015-3878

Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information…

CVSS: 4.3CWE: CWE-264
Read more
Critical

CVE-2015-3865

The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bu…

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2015-3862

mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-3847

Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270.

CVSS: 6.4CWE: CWE-264
Read more
High

CVE-2015-5652

Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE…

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2015-5645

ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors.

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2015-5640

baserCMS before 3.0.8 allows remote authenticated users to modify arbitrary user settings via a crafted request.

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2015-4964

IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by…

CVSS: 6.0CWE: CWE-264
Read more
High

CVE-2015-3938

The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter.

CVSS: 7.8CWE: CWE-399
Read more
2015-10-05
Critical

CVE-2015-7709

The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted req…

CVSS: 10.0CWE: CWE-264
Read more
Medium

CVE-2015-7707

Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.

CVSS: 6.5CWE: CWE-264
Read more
Low

CVE-2015-7323

The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypa…

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2015-7685

GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php.

CVSS: 4.0CWE: CWE-264
Read more
Critical

CVE-2015-7684

Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrary code by adding a file with an executable extension as an attachment to a new ticket, then accessi…

CVSS: 9.0CWE: N/A
Read more
2015-10-04
Medium

CVE-2015-2030

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-2029

Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to hijack web sessions via a session identifier.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-2028

CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2015-2027

IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an una…

CVSS: 2.1CWE: CWE-264
Read more
Critical

CVE-2015-2016

Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unkno…

CVSS: 9.0CWE: N/A
Read more
Medium

CVE-2015-1934

IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001…

CVSS: 5.0CWE: CWE-310
Read more
2015-10-03
Medium

CVE-2015-0142

IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and…

CVSS: 4.0CWE: CWE-264
Read more
2015-10-02
Medium

CVE-2015-6309

Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests,…

CVSS: 6.8CWE: CWE-399
Read more
Medium

CVE-2015-6308

Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36…

CVSS: 4.0CWE: CWE-399
Read more
High

CVE-2015-2858

Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfir…

CVSS: 7.5CWE: N/A
Read more
2015-10-01
Low

CVE-2015-7311

libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.

CVSS: 3.6CWE: CWE-17
Read more
High

CVE-2015-7236

Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMA…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2015-6575

SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (in…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2015-3864

Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code vi…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2015-3863

Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an appl…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2015-3861

Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denia…

CVSS: 5.0CWE: CWE-189
Read more
Critical

CVE-2015-3858

The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypas…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2015-3849

The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attacke…

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2015-3845

The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation,…

CVSS: 6.8CWE: CWE-264
Read more
Medium

CVE-2015-3844

The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect proce…

CVSS: 6.8CWE: CWE-264
Read more
Critical

CVE-2015-3843

The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent,…

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2015-3836

The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows rem…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2015-3834

Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted appl…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2015-3829

Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2015-1539

Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atom…

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2015-1538

Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted…

CVSS: 10.0CWE: CWE-189
Read more
High

CVE-2015-1536

Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or…

CVSS: 8.5CWE: CWE-189
Read more
Critical

CVE-2015-1528

Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2014-7917

Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2014-7916

Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.

CVSS: 10.0CWE: CWE-189
Read more
Critical

CVE-2014-7915

Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.

CVSS: 10.0CWE: CWE-189
Read more
2015-09-30
Medium

CVE-2015-5435

Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors.

CVSS: 4.0CWE: N/A
Read more
2015-09-29
Medium

CVE-2015-5442

Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors.

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2015-0852

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width o…

CVSS: 5.0CWE: CWE-189
Read more
>