CVE Daily
← All years

Uncategorized 2015

Page 1/23.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2015-12-31
Critical

CVE-2015-5989

Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStat…

CVSS: 9.8CWE: CWE-264
Read more
Critical

CVE-2015-5988

The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session.

CVSS: 9.8CWE: CWE-255
Read more
High

CVE-2015-5987

Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by pred…

CVSS: 8.6CWE: N/A
Read more
High

CVE-2015-1947

Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is…

CVSS: 7.4CWE: N/A
Read more
High

CVE-2015-7283

The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative pr…

CVSS: 8.1CWE: CWE-255
Read more
Critical

CVE-2015-7280

The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative priv…

CVSS: 9.8CWE: CWE-255
Read more
Medium

CVE-2015-7279

Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses b…

CVSS: 5.3CWE: N/A
Read more
Critical

CVE-2015-7277

The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative…

CVSS: 9.8CWE: CWE-255
Read more
High

CVE-2015-6020

ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account.

CVSS: 8.0CWE: CWE-264
Read more
High

CVE-2015-6019

The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by…

CVSS: 8.5CWE: N/A
Read more
Critical

CVE-2015-6018

The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.

CVSS: 9.8CWE: CWE-264
Read more
Critical

CVE-2015-6016

ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows re…

CVSS: 9.8CWE: CWE-255
Read more
Critical

CVE-2015-5995

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Coo…

CVSS: 9.8CWE: CWE-264
Read more
Medium

CVE-2015-5994

The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the media…

CVSS: 6.8CWE: CWE-255
Read more
High

CVE-2015-2876

Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows…

CVSS: 8.8CWE: N/A
Read more
Critical

CVE-2015-2874

Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root acc…

CVSS: 9.8CWE: CWE-255
Read more
High

CVE-2014-3260

Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the controller-to-base data stream by leveraging improper use of cryptography.

CVSS: 7.5CWE: CWE-310
Read more
2015-12-30
Medium

CVE-2015-7793

Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.

CVSS: 5.8CWE: CWE-17
Read more
Critical

CVE-2015-7792

Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2015-7788

ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors.

CVSS: 7.3CWE: CWE-264
Read more
Critical

CVE-2015-7251

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session.

CVSS: 9.8CWE: CWE-255
Read more
Medium

CVE-2015-7249

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypass intended access restrictions via a modified request, as demonstrated by leveraging the support a…

CVSS: 4.9CWE: CWE-264
Read more
High

CVE-2015-5663

The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the u…

CVSS: 7.4CWE: CWE-264
Read more
2015-12-29
High

CVE-2015-7540

The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values to ensure successful ASN.1 memory allocation, which allows remote attackers to cause a denial of se…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2015-5252

vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended f…

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2015-3223

The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles certain zero va…

CVSS: 5.3CWE: CWE-189
Read more
2015-12-28
High

CVE-2015-8650

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8649

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8648

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8647

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8646

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8644

Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8643

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8642

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8641

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8640

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8639

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8638

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8635

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-8634

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-6850

EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session.

CVSS: 8.4CWE: CWE-264
Read more
Medium

CVE-2015-8660

The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and m…

CVSS: 6.7CWE: CWE-264
Read more
High

CVE-2015-8543

The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users…

CVSS: 7.0CWE: N/A
Read more
Medium

CVE-2013-7446

Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket permissions or cause a denial of service (panic) via crafted e…

CVSS: 5.3CWE: N/A
Read more
2015-12-27
Critical

CVE-2015-6538

The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2015-8263

NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the de…

CVSS: 8.6CWE: N/A
Read more
Medium

CVE-2015-8262

Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof r…

CVSS: 6.8CWE: N/A
Read more
2015-12-24
High

CVE-2015-8664

Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly h…

CVSS: 8.8CWE: CWE-189
Read more
Critical

CVE-2015-6792

The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (applicatio…

CVSS: 9.8CWE: N/A
Read more
Critical

CVE-2015-7930

Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-8267

The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords…

CVSS: 10.0CWE: CWE-264
Read more
2015-12-23
High

CVE-2015-7924

eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveragi…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2015-7917

Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2015-7911

Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.2…

CVSS: 9.1CWE: CWE-255
Read more
Medium

CVE-2015-6431

Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405.

CVSS: 6.5CWE: CWE-399
Read more
2015-12-21
High

CVE-2015-4545

EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account…

CVSS: 8.0CWE: CWE-264
Read more
Critical

CVE-2015-7919

SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors.

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2015-7906

LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors.

CVSS: 10.0CWE: CWE-255
Read more
High

CVE-2015-6481

The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login se…

CVSS: 8.3CWE: N/A
Read more
Medium

CVE-2015-5001

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a…

CVSS: 4.3CWE: CWE-399
Read more
2015-12-19
Medium

CVE-2015-7756

The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 befor…

CVSS: 5.0CWE: CWE-310
Read more
Medium

CVE-2015-6429

The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a…

CVSS: 5.0CWE: CWE-19
Read more
2015-12-18
Medium

CVE-2015-6427

Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka…

CVSS: 5.0CWE: CWE-254
Read more
High

CVE-2015-6424

The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspeci…

CVSS: 7.2CWE: CWE-255
Read more
2015-12-17
High

CVE-2015-8600

The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vec…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2015-8368

ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.

CVSS: 6.0CWE: CWE-254
Read more
High

CVE-2015-8341

The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allow…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2015-8340

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host cr…

CVSS: 4.7CWE: CWE-17
Read more
Medium

CVE-2015-8339

The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host…

CVSS: 4.7CWE: CWE-19
Read more
High

CVE-2015-8338

Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_me…

CVSS: 7.2CWE: CWE-254
Read more
High

CVE-2015-8327

Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via `…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2015-5204

CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2015-4027

The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a p…

CVSS: 7.2CWE: CWE-264
Read more
2015-12-16
Medium

CVE-2015-8580

Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2015-8566

The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-8370

Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via…

CVSS: 7.4CWE: CWE-264
Read more
Low

CVE-2015-5304

Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Aud…

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2015-8579

Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass th…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2015-8578

AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR…

CVSS: 6.4CWE: CWE-264
Read more
Low

CVE-2015-8577

The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platform…

CVSS: 2.6CWE: CWE-264
Read more
Medium

CVE-2015-6425

The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2015-7223

The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2015-7222

Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2015-7219

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2015-7218

The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header fra…

CVSS: 5.0CWE: CWE-189
Read more
Medium

CVE-2015-7213

Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote…

CVSS: 6.8CWE: CWE-189
Read more
High

CVE-2015-7212

Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary…

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2015-7210

Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has b…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2015-7205

Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause…

CVSS: 10.0CWE: CWE-189
Read more
Medium

CVE-2015-7204

Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.

CVSS: 6.8CWE: CWE-17
Read more
2015-12-15
Medium

CVE-2015-8571

Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow.

CVSS: 6.8CWE: CWE-189
Read more
High

CVE-2015-8570

The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request.

CVSS: 7.4CWE: CWE-264
Read more
High

CVE-2015-5312

The xmlStringLenDecodeEntities function in parser.c in libxml2 before 2.9.3 does not properly prevent entity expansion, which allows context-dependent attackers to cause a denial of service (CPU cons…

CVSS: 7.1CWE: CWE-399
Read more
Medium

CVE-2015-6399

The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted param…

CVSS: 6.8CWE: CWE-399
Read more
2015-12-14
Critical

CVE-2015-8548

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknow…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-6791

Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2015-6788

The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, wh…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-6422

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed reques…

CVSS: 4.0CWE: CWE-399
Read more
2015-12-13
Medium

CVE-2015-6413

Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiti…

CVSS: 4.0CWE: CWE-264
Read more
2015-12-12
High

CVE-2015-6415

Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect 6200 devices allows remote attackers to cause a denial of service (CPU consumption or device outage) via a SYN flood on the SSH po…

CVSS: 7.1CWE: CWE-399
Read more
Medium

CVE-2015-6417

Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa…

CVSS: 6.5CWE: CWE-264
Read more
Medium

CVE-2015-6395

Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C…

CVSS: 6.5CWE: CWE-264
Read more
2015-12-11
Medium

CVE-2015-7804

Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer derefere…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2015-7803

The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash)…

CVSS: 6.8CWE: N/A
Read more
Critical

CVE-2015-7082

Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-7081

iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity r…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2015-7078

Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2015-7076

The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2015-7071

The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname.

CVSS: 10.0CWE: CWE-264
Read more
Critical

CVE-2015-7070

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2015-7069

Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability…

CVSS: 9.3CWE: N/A
Read more
Low

CVE-2015-7067

IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2015-7063

The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname.

CVSS: 7.2CWE: CWE-264
Read more
Medium

CVE-2015-7062

Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors.

CVSS: 4.6CWE: CWE-264
Read more
Medium

CVE-2015-7054

zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remo…

CVSS: 6.8CWE: CWE-19
Read more
High

CVE-2015-7052

kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors.

CVSS: 7.2CWE: CWE-264
Read more
Critical

CVE-2015-7051

MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted a…

CVSS: 9.3CWE: CWE-264
Read more
Medium

CVE-2015-7045

Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.

CVSS: 5.0CWE: CWE-17
Read more
High

CVE-2015-7044

The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root priv…

CVSS: 7.6CWE: CWE-254
Read more
Medium

CVE-2015-7043

The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20…

CVSS: 4.3CWE: N/A
Read more
>