ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2015-3000 | SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory co... | E | |
CVE-2015-3001 | SysAid Help Desk before 15.2 uses a hardcoded password of Password1 for the sa SQL Server Express us... | E | |
CVE-2015-3002 | Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, an... | | |
CVE-2015-3003 | Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, 12... | | |
CVE-2015-3004 | J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D35, 12.1X46 before 12.1X46-D25, ... | | |
CVE-2015-3005 | Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-... | | |
CVE-2015-3006 | Junos: QFX Series: Insufficient entropy on QFX3500 and QFX3600 platforms when the system boots up | S | |
CVE-2015-3007 | The Juniper SRX Series services gateways with Junos OS 12.1X46 before 12.1X46-D35, 12.1X47 before 12... | | |
CVE-2015-3008 | Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x before 12.8.2, and 13.x before 1... | | |
CVE-2015-3010 | ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allo... | | |
CVE-2015-3011 | Multiple cross-site scripting (XSS) vulnerabilities in the contacts application in ownCloud Server C... | | |
CVE-2015-3012 | Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, all... | S | |
CVE-2015-3013 | ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated us... | S | |
CVE-2015-3026 | Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote at... | E | |
CVE-2015-3027 | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way th... | | |
CVE-2015-3028 | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass in... | | |
CVE-2015-3029 | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restric... | | |
CVE-2015-3030 | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticat... | | |
CVE-2015-3035 | Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with firmware before 150317, C7 (2.0) w... | KEV E | |
CVE-2015-3036 | Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux ... | E | |
CVE-2015-3038 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | S | |
CVE-2015-3039 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17... | S | |
CVE-2015-3040 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | S | |
CVE-2015-3041 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | S | |
CVE-2015-3042 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | E S | |
CVE-2015-3043 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | KEV E S | |
CVE-2015-3044 | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and... | S | |
CVE-2015-3045 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-3046 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3047 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3048 | Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows a... | S | |
CVE-2015-3049 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3050 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3051 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3052 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3053 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11... | S | |
CVE-2015-3054 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11... | S | |
CVE-2015-3055 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11... | S | |
CVE-2015-3056 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3057 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3058 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3059 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11... | S | |
CVE-2015-3060 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3061 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3062 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3063 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3064 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3065 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3066 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3067 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3068 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3069 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3070 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3071 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3072 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3073 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | E S | |
CVE-2015-3074 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3075 | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11... | S | |
CVE-2015-3076 | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attac... | S | |
CVE-2015-3077 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3078 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3079 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3080 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17... | E S | |
CVE-2015-3081 | Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Wi... | E S | |
CVE-2015-3082 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | E S | |
CVE-2015-3083 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | E S | |
CVE-2015-3084 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3085 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3086 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3087 | Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on ... | E S | |
CVE-2015-3088 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0... | E S | |
CVE-2015-3089 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | E S | |
CVE-2015-3090 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3091 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3092 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | S | |
CVE-2015-3093 | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and... | E S | |
CVE-2015-3094 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-3095 | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC ... | S | |
CVE-2015-3096 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and... | S | |
CVE-2015-3097 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.... | S | |
CVE-2015-3098 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and... | S | |
CVE-2015-3099 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and... | S | |
CVE-2015-3100 | Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.... | S | |
CVE-2015-3101 | The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on ... | S | |
CVE-2015-3102 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and... | S | |
CVE-2015-3103 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18... | S | |
CVE-2015-3104 | Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on ... | S | |
CVE-2015-3105 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and... | S | |
CVE-2015-3106 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18... | E S | |
CVE-2015-3107 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18... | E S | |
CVE-2015-3108 | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and... | S | |
CVE-2015-3109 | Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to execute arbitrary code or cause a ... | | |
CVE-2015-3110 | Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 al... | | |
CVE-2015-3111 | Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC befo... | | |
CVE-2015-3112 | Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to exe... | | |
CVE-2015-3113 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and 14.x through 18.x before 18.0... | KEV S | |
CVE-2015-3114 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3115 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3116 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3117 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3118 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | E S | |
CVE-2015-3119 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3120 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3121 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3122 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3123 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3124 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | E S | |
CVE-2015-3125 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3126 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3127 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3128 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3129 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3130 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3131 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3132 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3133 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | S | |
CVE-2015-3134 | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and... | E S | |
CVE-2015-3135 | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0... | S | |
CVE-2015-3136 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3137 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18... | S | |
CVE-2015-3138 | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentatio... | S | |
CVE-2015-3140 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan befor... | M | |
CVE-2015-3141 | Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Bui... | E | |
CVE-2015-3142 | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check... | | |
CVE-2015-3143 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remot... | | |
CVE-2015-3144 | The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an i... | | |
CVE-2015-3145 | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calcul... | | |
CVE-2015-3146 | The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before... | | |
CVE-2015-3147 | daemon/abrt-handle-upload.in in Automatic Bug Reporting Tool (ABRT), when moving problem reports fro... | S | |
CVE-2015-3148 | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, w... | | |
CVE-2015-3149 | The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise Linux 6 and 7 allows local users... | | |
CVE-2015-3150 | abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local users to delete or change the ownershi... | S | |
CVE-2015-3151 | Directory traversal vulnerability in abrt-dbus in Automatic Bug Reporting Tool (ABRT) allows local u... | S | |
CVE-2015-3152 | Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka libmysqlclient) before 6.1.3, and MariaDB b... | E S | |
CVE-2015-3153 | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the p... | S | |
CVE-2015-3154 | CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2... | E | |
CVE-2015-3155 | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, wh... | S | |
CVE-2015-3156 | The _write_config function in trove/guestagent/datastore/experimental/mongodb/service.py, reset_conf... | | |
CVE-2015-3157 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2015-3158 | The invokeNextValve function in identity/federation/bindings/tomcat/idp/AbstractIDPValve.java in Pic... | | |
CVE-2015-3159 | The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) ... | S | |
CVE-2015-3160 | XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote au... | | |
CVE-2015-3161 | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in... | S | |
CVE-2015-3162 | Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beak... | | |
CVE-2015-3163 | The admin pages for power types and key types in Beaker before 20.1 do not have any access controls,... | E S | |
CVE-2015-3164 | The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authen... | | |
CVE-2015-3165 | Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3... | | |
CVE-2015-3166 | The snprintf implementation in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9... | | |
CVE-2015-3167 | contrib/pgcrypto in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before... | | |
CVE-2015-3168 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3164. Reason: This candida... | R | |
CVE-2015-3169 | Cross-site scripting (XSS) vulnerability in askbot 0.7.51-4.el6.noarch.... | | |
CVE-2015-3170 | selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows local users to cause a denial ... | | |
CVE-2015-3171 | sosreport 3.2 uses weak permissions for generated sosreport archives, which allows local users with ... | S | |
CVE-2015-3172 | EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.... | E | |
CVE-2015-3173 | custom-content-type-manager WordPress plugin can be used by an administrator to achieve arbitrary PH... | E | |
CVE-2015-3174 | mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x b... | | |
CVE-2015-3175 | Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.... | | |
CVE-2015-3176 | The account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ... | | |
CVE-2015-3177 | Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe capability before entering su... | | |
CVE-2015-3178 | Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php... | | |
CVE-2015-3179 | login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before... | | |
CVE-2015-3180 | lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x be... | | |
CVE-2015-3181 | files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x be... | | |
CVE-2015-3182 | epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.... | | |
CVE-2015-3183 | The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly... | S | |
CVE-2015-3184 | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache ht... | | |
CVE-2015-3185 | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14... | | |
CVE-2015-3186 | Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 allows remote authenticated c... | | |
CVE-2015-3187 | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.... | | |
CVE-2015-3188 | The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrar... | | |
CVE-2015-3189 | With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or ear... | | |
CVE-2015-3190 | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or ear... | | |
CVE-2015-3191 | With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or ear... | | |
CVE-2015-3192 | Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not properly process inline DTD decla... | | |
CVE-2015-3193 | The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.... | S | |
CVE-2015-3194 | crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attacker... | S | |
CVE-2015-3195 | The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 befo... | | |
CVE-2015-3196 | ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and 1.0.2 before 1.0.2d, when use... | S | |
CVE-2015-3197 | ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disable... | S | |
CVE-2015-3198 | The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before 10.0.0.Alpha1 allows remote atta... | | |
CVE-2015-3199 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-3200 | mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a bas... | E | |
CVE-2015-3201 | Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which al... | E | |
CVE-2015-3202 | fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount... | E | |
CVE-2015-3203 | Unrestricted file upload vulnerability in h5ai before 0.25.0 allows remote attackers to execute arbi... | E | |
CVE-2015-3204 | libreswan 3.9 through 3.12 allows remote attackers to cause a denial of service (daemon restart) via... | | |
CVE-2015-3205 | libmimedir allows remote attackers to execute arbitrary code via a VCF file with two NULL bytes at t... | E | |
CVE-2015-3206 | The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communica... | S | |
CVE-2015-3207 | In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.... | S | |
CVE-2015-3208 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-3209 | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitr... | | |
CVE-2015-3210 | Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to exec... | E | |
CVE-2015-3211 | php-fpm allows local users to write to or create arbitrary files via a symlink attack.... | | |
CVE-2015-3212 | Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a d... | | |
CVE-2015-3213 | The gesture handling code in Clutter before 1.16.2 allows physically proximate attackers to bypass t... | E | |
CVE-2015-3214 | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not dist... | E S | |
CVE-2015-3215 | The NetKVM Windows Virtio driver allows remote attackers to cause a denial of service (guest crash) ... | S | |
CVE-2015-3216 | Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes f... | | |
CVE-2015-3217 | PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow rem... | E S | |
CVE-2015-3218 | The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in Policy... | | |
CVE-2015-3219 | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (... | E S | |
CVE-2015-3220 | The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (... | S | |
CVE-2015-3221 | OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTable... | | |
CVE-2015-3222 | syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitr... | | |
CVE-2015-3223 | The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, as used in the AD LDAP server... | | |
CVE-2015-3224 | request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly re... | | |
CVE-2015-3225 | lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used with Ruby on Rails 3.x and 4.... | S | |
CVE-2015-3226 | Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x ... | | |
CVE-2015-3227 | The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby on Rails before 4.1.11 and 4.2... | | |
CVE-2015-3228 | Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earl... | | |
CVE-2015-3229 | fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to conduct man-in-the-middle attac... | S | |
CVE-2015-3230 | 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3C... | S | |
CVE-2015-3231 | The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows r... | | |
CVE-2015-3232 | Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers... | | |
CVE-2015-3233 | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers ... | S | |
CVE-2015-3234 | The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into ... | S | |
CVE-2015-3235 | Foreman before 1.9.0 allows remote authenticated users with the edit_users permission to edit admini... | | |
CVE-2015-3236 | cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous... | S | |
CVE-2015-3237 | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers t... | S | |
CVE-2015-3238 | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, whe... | E | |
CVE-2015-3239 | Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows lo... | E | |
CVE-2015-3240 | The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allow... | | |
CVE-2015-3241 | OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration ... | | |
CVE-2015-3242 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2015-3243 | rsyslog uses weak permissions for generating log files, which allows local users to obtain sensitive... | | |
CVE-2015-3244 | The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with th... | | |
CVE-2015-3245 | Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before ... | E | |
CVE-2015-3246 | libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode p... | E | |
CVE-2015-3247 | Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authent... | | |
CVE-2015-3248 | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi dir... | | |
CVE-2015-3249 | The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers ... | | |
CVE-2015-3250 | Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecifie... | | |
CVE-2015-3251 | Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive p... | | |
CVE-2015-3252 | Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual m... | | |
CVE-2015-3253 | The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows re... | S | |
CVE-2015-3254 | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a... | S | |
CVE-2015-3255 | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit... | | |
CVE-2015-3256 | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corrupti... | | |
CVE-2015-3257 | Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not properly sanitize path input,... | | |
CVE-2015-3258 | Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-fi... | | |
CVE-2015-3259 | Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local g... | S | |
CVE-2015-3260 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3261 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3262 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3263 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3264 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3265 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3266 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3267 | Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network b... | | |
CVE-2015-3268 | Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFor... | S | |
CVE-2015-3269 | Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.... | S | |
CVE-2015-3270 | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administr... | | |
CVE-2015-3271 | Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitra... | | |
CVE-2015-3272 | Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.1... | | |
CVE-2015-3273 | mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups ca... | | |
CVE-2015-3274 | Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Mo... | | |
CVE-2015-3275 | Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.... | | |
CVE-2015-3276 | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse Open... | S | |
CVE-2015-3277 | The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to inc... | | |
CVE-2015-3278 | The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expe... | | |
CVE-2015-3279 | Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote atta... | | |
CVE-2015-3280 | OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) does not properl... | | |
CVE-2015-3281 | The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and 1.6-dev does not properly realig... | S | |
CVE-2015-3282 | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack da... | | |
CVE-2015-3283 | OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors.... | | |
CVE-2015-3284 | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands... | | |
CVE-2015-3285 | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the r... | | |
CVE-2015-3286 | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause... | | |
CVE-2015-3287 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-6587. Reason: This candida... | R | |
CVE-2015-3288 | mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to... | S | |
CVE-2015-3289 | OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of servi... | S | |
CVE-2015-3290 | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies ... | E | |
CVE-2015-3291 | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly ... | | |
CVE-2015-3292 | The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up th... | | |
CVE-2015-3293 | FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug... | | |
CVE-2015-3294 | The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the ... | E | |
CVE-2015-3295 | markdown-it before 4.1.0 does not block data: URLs.... | S | |
CVE-2015-3296 | Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before 0.7 allow remote attackers to i... | S | |
CVE-2015-3297 | Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.1 through 1.5.2 allows rem... | | |
CVE-2015-3298 | Yubico ykneo-openpgp before 1.0.10 has a typo in which an invalid PIN can be used. When first powere... | E M | |
CVE-2015-3299 | Cross-site scripting (XSS) vulnerability in the Floating Social Bar plugin before 1.1.7 for WordPres... | S | |
CVE-2015-3300 | Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka... | E S | |
CVE-2015-3301 | Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional ... | E S | |
CVE-2015-3302 | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin fo... | E | |
CVE-2015-3306 | The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files vi... | E | |
CVE-2015-3307 | The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5... | E S | |
CVE-2015-3308 | Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to ... | | |
CVE-2015-3309 | Directory traversal vulnerability in node/utils/Minify.js in Etherpad 1.1.2 through 1.5.4 allows rem... | | |
CVE-2015-3310 | Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 ... | | |
CVE-2015-3313 | SQL injection vulnerability in WordPress Community Events plugin before 1.4.... | E | |
CVE-2015-3314 | SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.... | E | |
CVE-2015-3315 | Automatic Bug Reporting Tool (ABRT) allows local users to read, change the ownership of, or have oth... | E S | |
CVE-2015-3316 | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Sys... | | |
CVE-2015-3317 | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Sys... | | |
CVE-2015-3318 | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Sys... | | |
CVE-2015-3319 | Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, ... | | |
CVE-2015-3320 | Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in S... | S | |
CVE-2015-3321 | Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows lo... | M | |
CVE-2015-3322 | Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption t... | S | |
CVE-2015-3323 | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ... | | |
CVE-2015-3324 | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ... | S | |
CVE-2015-3325 | SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows... | E | |
CVE-2015-3326 | Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Ho... | | |
CVE-2015-3329 | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP befor... | E S | |
CVE-2015-3330 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.... | E S | |
CVE-2015-3331 | The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel befo... | | |
CVE-2015-3332 | A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not pro... | | |
CVE-2015-3333 | Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before ... | | |
CVE-2015-3334 | browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always... | E | |
CVE-2015-3335 | The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_san... | E | |
CVE-2015-3336 | Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTIN... | E | |
CVE-2015-3337 | Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site ... | E S | |
CVE-2015-3339 | Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows ... | | |
CVE-2015-3340 | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service doma... | S | |
CVE-2015-3342 | Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal all... | S | |
CVE-2015-3343 | Cross-site request forgery (CSRF) vulnerability in the OPAC module before 7.x-2.3 for Drupal allows ... | S | |
CVE-2015-3344 | Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x bef... | S | |
CVE-2015-3345 | SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remot... | S | |
CVE-2015-3346 | SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers... | S | |
CVE-2015-3347 | Cross-site request forgery (CSRF) vulnerability in the Cloudwords for Multilingual Drupal module bef... | S | |
CVE-2015-3348 | Cross-site scripting (XSS) vulnerability in the Cloudwords for Multilingual Drupal module before 7.x... | S | |
CVE-2015-3349 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Htaccess module before 7.x-2.3 for... | S | |
CVE-2015-3350 | Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x... | S | |
CVE-2015-3351 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Log Watcher module before 6.x-1.2 ... | S | |
CVE-2015-3352 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Jammer module before 6.x-1.8 and 7... | S | |
CVE-2015-3353 | Cross-site scripting (XSS) vulnerability in the Field Display Label module before 7.x-1.3 for Drupal... | S | |
CVE-2015-3354 | Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x be... | S | |
CVE-2015-3355 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 f... | S | |
CVE-2015-3356 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Tadaa! module before 7.x-1.4 for D... | S | |
CVE-2015-3357 | Cross-site scripting (XSS) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.... | S | |
CVE-2015-3358 | Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote a... | S | |
CVE-2015-3359 | Multiple cross-site scripting (XSS) vulnerabilities in the Room Reservations module before 7.x-1.1 f... | S | |
CVE-2015-3360 | Cross-site scripting (XSS) vulnerability in the Term Merge module before 7.x-1.2 for Drupal allows r... | S | |
CVE-2015-3361 | Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-... | S | |
CVE-2015-3362 | Cross-site scripting (XSS) vulnerability in the Video module before 7.x-2.11 for Drupal, when using ... | S | |
CVE-2015-3363 | Cross-site request forgery (CSRF) vulnerability in the Contact Form Fields module before 6.x-2.3 for... | S | |
CVE-2015-3364 | Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal al... | S | |
CVE-2015-3365 | Cross-site scripting (XSS) vulnerability in the nodeauthor module for Drupal allows remote authentic... | S | |
CVE-2015-3366 | Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal all... | S | |
CVE-2015-3367 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for... | S | |
CVE-2015-3368 | Cross-site scripting (XSS) vulnerability in the administration user interface in the Classified Ads ... | S | |
CVE-2015-3369 | Cross-site scripting (XSS) vulnerability in the Taxonews module before 6.x-1.2 and 7.x-1.x before 7.... | S | |
CVE-2015-3370 | Cross-site request forgery (CSRF) vulnerability in the Node Invite module before 6.x-2.5 for Drupal ... | S | |
CVE-2015-3371 | Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attack... | S | |
CVE-2015-3372 | Cross-site scripting (XSS) vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows ... | S | |
CVE-2015-3373 | The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the... | S | |
CVE-2015-3374 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow rem... | S | |
CVE-2015-3375 | Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4... | S | |
CVE-2015-3376 | Cross-site scripting (XSS) vulnerability in the Quizzler module before 7-x.1.16 for Drupal allows re... | S | |
CVE-2015-3377 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-3378 | Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x... | S | |
CVE-2015-3379 | The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal doe... | S | |
CVE-2015-3380 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allo... | S | |
CVE-2015-3381 | Cross-site scripting (XSS) vulnerability in the Node basket module for Drupal allows remote authenti... | S | |
CVE-2015-3382 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allo... | | |
CVE-2015-3383 | Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect... | S | |
CVE-2015-3384 | Cross-site scripting (XSS) vulnerability in the Bank Account Listing Page in the Commerce Balanced P... | S | |
CVE-2015-3385 | Cross-site scripting (XSS) vulnerability in the Taxonomy Path module before 7.x-1.2 for Drupal allow... | S | |
CVE-2015-3386 | Cross-site scripting (XSS) vulnerability in the Node Access Product module for Drupal allows remote ... | S | |
CVE-2015-3387 | Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Tools module before 7.x-1.4 for ... | S | |
CVE-2015-3388 | Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal ... | S | |
CVE-2015-3389 | Cross-site scripting (XSS) vulnerability in the Download counts report page in the Public Download C... | S | |
CVE-2015-3390 | Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher module for Drupal allows remo... | S | |
CVE-2015-3391 | The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended acc... | S | |
CVE-2015-3392 | Cross-site scripting (XSS) vulnerability in the Ajax Timeline module before 7.x-1.1 for Drupal allow... | S | |
CVE-2015-3393 | Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote at... | S | |
CVE-2015-3395 | The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and 11.x before 11.4 and FFmpeg be... | | |
CVE-2015-3397 | Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 allows remote attackers to in... | S | |
CVE-2015-3400 | sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world ... | S | |
CVE-2015-3404 | The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which all... | S | |
CVE-2015-3405 | ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with... | S | |
CVE-2015-3406 | The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsi... | S | |
CVE-2015-3407 | Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via... | | |
CVE-2015-3408 | Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a craf... | | |
CVE-2015-3409 | Untrusted search path vulnerability in Module::Signature before 0.75 allows local users to gain priv... | | |
CVE-2015-3411 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %... | E | |
CVE-2015-3412 | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %... | E | |
CVE-2015-3414 | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which all... | S | |
CVE-2015-3415 | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison... | S | |
CVE-2015-3416 | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision a... | S | |
CVE-2015-3417 | Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg befo... | S | |
CVE-2015-3418 | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.1... | | |
CVE-2015-3419 | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inj... | | |
CVE-2015-3420 | The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote atta... | | |
CVE-2015-3421 | The eshop_checkout function in checkout.php in the WordPress Eshop plugin 6.3.11 and earlier does no... | | |
CVE-2015-3422 | Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to injec... | E | |
CVE-2015-3423 | Multiple SQL injection vulnerabilities in NetCracker Resource Management System before 8.2 allow rem... | E | |
CVE-2015-3424 | SQL injection vulnerability in Accentis Content Resource Management System before the October 2015 p... | E | |
CVE-2015-3425 | Cross-site scripting (XSS) vulnerability in Accentis Content Resource Management System before Octob... | E | |
CVE-2015-3427 | Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL datab... | | |
CVE-2015-3429 | Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in Word... | E | |
CVE-2015-3431 | Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via u... | | |
CVE-2015-3432 | Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly AjaXplorer) before 6.0.7 allo... | S | |
CVE-2015-3435 | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uplo... | | |
CVE-2015-3436 | provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7... | | |
CVE-2015-3438 | Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used wi... | E S | |
CVE-2015-3439 | Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2... | E S | |
CVE-2015-3440 | Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows r... | E S | |
CVE-2015-3441 | The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated u... | | |
CVE-2015-3442 | Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercep... | M | |
CVE-2015-3443 | Cross-site scripting (XSS) vulnerability in the basic dashboard in Thycotic Secret Server 8.6.x, 8.7... | E | |
CVE-2015-3446 | The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers t... | S | |
CVE-2015-3447 | Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS... | E | |
CVE-2015-3448 | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local... | | |
CVE-2015-3449 | The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions (Everyone: read and Everyone: writ... | | |
CVE-2015-3450 | Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a denial of service (memory cor... | | |
CVE-2015-3451 | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, w... | | |
CVE-2015-3454 | TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow r... | S | |
CVE-2015-3455 | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when co... | | |
CVE-2015-3456 | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local gue... | E | |
CVE-2015-3457 | Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers t... | S | |
CVE-2015-3458 | The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) ... | E S | |
CVE-2015-3459 | The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require aut... | | |
CVE-2015-3569 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3569. Reason: This candida... | R | |
CVE-2015-3571 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3571. Reason: This candida... | R | |
CVE-2015-3572 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3572. Reason: This candida... | R | |
CVE-2015-3591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-3591. Reason: This candida... | R | |
CVE-2015-3610 | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.5... | | |
CVE-2015-3611 | A Command Injection vulnerability exists in FortiManager 5.2.1 and earlier and FortiManager 5.0.10 a... | | |
CVE-2015-3612 | A Cross-site Scripting (XSS) vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and e... | | |
CVE-2015-3613 | A vulnerability exists in FortiManager 5.2.1 and earlier and 5.0.10 and earlier in the WebUI FTP ... | | |
CVE-2015-3614 | Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbi... | | |
CVE-2015-3615 | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before ... | | |
CVE-2015-3616 | SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows ... | | |
CVE-2015-3617 | Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges vi... | | |
CVE-2015-3618 | Cross-site scripting (XSS) vulnerability in Nagios Business Process Intelligence (BPI) before 2.3.4 ... | | |
CVE-2015-3619 | Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in the VirtueMart component before... | S | |
CVE-2015-3620 | Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnaly... | E | |
CVE-2015-3621 | Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to ... | | |
CVE-2015-3622 | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote atta... | E | |
CVE-2015-3623 | XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attacke... | E | |
CVE-2015-3624 | Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.asp... | E | |
CVE-2015-3625 | The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before 346.72, R349 before 349.16, R343 be... | S | |
CVE-2015-3626 | Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) ... | | |
CVE-2015-3627 | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process be... | | |
CVE-2015-3628 | The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before ... | E | |
CVE-2015-3629 | Libcontainer 1.6.0, as used in Docker Engine, allows local users to escape containerization ("mount ... | | |
CVE-2015-3630 | Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, (2) /proc/timer_stats, (3) /p... | | |
CVE-2015-3631 | Docker Engine before 1.6.1 allows local users to set arbitrary Linux Security Modules (LSM) and dock... | | |
CVE-2015-3632 | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denia... | E | |
CVE-2015-3633 | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denia... | S | |
CVE-2015-3634 | The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 ... | S | |
CVE-2015-3636 | The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a c... | | |
CVE-2015-3637 | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote a... | | |
CVE-2015-3638 | phpMyBackupPro before 2.5 does not validate integer input, which allows remote authenticated users t... | S | |
CVE-2015-3639 | phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authent... | S | |
CVE-2015-3640 | phpMyBackupPro 2.5 and earlier does not properly escape the "." character in request parameters, whi... | | |
CVE-2015-3641 | bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled funct... | | |
CVE-2015-3642 | The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) ... | | |
CVE-2015-3643 | usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 L... | E | |
CVE-2015-3644 | Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to t... | S | |
CVE-2015-3646 | OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument... | S | |
CVE-2015-3647 | Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plu... | E S | |
CVE-2015-3648 | Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.672... | E | |
CVE-2015-3649 | The open-uri-cached rubygem allows local users to execute arbitrary Ruby code by creating a director... | | |
CVE-2015-3650 | vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 and 11.x before 11.1.1, VMware P... | S | |
CVE-2015-3653 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica... | | |
CVE-2015-3654 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica... | | |
CVE-2015-3655 | Cross-site request forgery (CSRF) vulnerability in Aruba Networks ClearPass Policy Manager before 6.... | | |
CVE-2015-3656 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica... | | |
CVE-2015-3657 | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authentica... | | |
CVE-2015-3658 | The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x bef... | | |
CVE-2015-3659 | The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x befor... | | |
CVE-2015-3660 | Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6... | | |
CVE-2015-3661 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc... | S | |
CVE-2015-3662 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc... | S | |
CVE-2015-3663 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc... | S | |
CVE-2015-3664 | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary cod... | S | |
CVE-2015-3665 | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary cod... | S | |
CVE-2015-3666 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc... | S | |
CVE-2015-3667 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc... | S | |
CVE-2015-3668 | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other produc... | S | |
CVE-2015-3669 | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary cod... | S | |
CVE-2015-3670 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-3671 | Admin Framework in Apple OS X before 10.10.4 does not properly verify XPC entitlements, which allows... | S | |
CVE-2015-3672 | Admin Framework in Apple OS X before 10.10.4 does not properly handle authentication errors, which a... | S | |
CVE-2015-3673 | Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig ... | E S | |
CVE-2015-3674 | afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a ... | S | |
CVE-2015-3675 | The default configuration of the Apache HTTP Server on Apple OS X before 10.10.4 does not enable the... | S | |
CVE-2015-3676 | AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout... | S | |
CVE-2015-3677 | The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to ... | S | |
CVE-2015-3678 | AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local users to gain privileges or cau... | S | |
CVE-2015-3679 | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary ... | S | |
CVE-2015-3680 | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary ... | S | |
CVE-2015-3681 | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary ... | S | |
CVE-2015-3682 | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary ... | S | |
CVE-2015-3683 | The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute ... | S | |
CVE-2015-3684 | The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 a... | S | |
CVE-2015-3685 | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrar... | S | |
CVE-2015-3686 | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrar... | S | |
CVE-2015-3687 | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrar... | S | |
CVE-2015-3688 | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrar... | S | |
CVE-2015-3689 | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrar... | S | |
CVE-2015-3690 | The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain ... | S | |
CVE-2015-3691 | The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X befo... | S | |
CVE-2015-3692 | Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a... | S | |
CVE-2015-3693 | Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly ... | S | |
CVE-2015-3694 | FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitr... | S | |
CVE-2015-3695 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3696 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3697 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3698 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3699 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3700 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3701 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3702 | Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain... | S | |
CVE-2015-3703 | ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary... | S | |
CVE-2015-3704 | runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 d... | E S | |
CVE-2015-3705 | IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a pri... | S | |
CVE-2015-3706 | IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a pri... | S | |
CVE-2015-3707 | The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arb... | S | |
CVE-2015-3708 | kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a ... | S | |
CVE-2015-3709 | Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended sign... | S | |
CVE-2015-3710 | Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh op... | S | |
CVE-2015-3711 | The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-lay... | S | |
CVE-2015-3712 | The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code i... | S | |
CVE-2015-3713 | QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a ... | | |
CVE-2015-3714 | Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature veri... | S | |
CVE-2015-3715 | The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries th... | S | |
CVE-2015-3716 | Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted ... | S | |
CVE-2015-3717 | Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and... | S | |
CVE-2015-3718 | systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret ... | S | |
CVE-2015-3719 | TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers... | S | |
CVE-2015-3720 | The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, wh... | S | |
CVE-2015-3721 | The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, ... | S | |
CVE-2015-3722 | Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows... | | |
CVE-2015-3723 | CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a de... | | |
CVE-2015-3724 | CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a de... | | |
CVE-2015-3725 | MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which... | | |
CVE-2015-3726 | The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arb... | | |
CVE-2015-3727 | WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS be... | | |
CVE-2015-3728 | The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger a... | | |
CVE-2015-3729 | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and o... | | |
CVE-2015-3730 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3731 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3732 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | | |
CVE-2015-3733 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3734 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3735 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3736 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3737 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3738 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3739 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3740 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3741 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3742 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3743 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3744 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3745 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3746 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3747 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3748 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3749 | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ... | S | |
CVE-2015-3750 | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8... | | |
CVE-2015-3751 | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8... | | |
CVE-2015-3752 | The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8,... | | |
CVE-2015-3753 | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8... | | |
CVE-2015-3754 | The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.... | | |
CVE-2015-3755 | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8... | | |
CVE-2015-3756 | The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within th... | | |
CVE-2015-3757 | Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, whi... | | |
CVE-2015-3758 | UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation req... | | |
CVE-2015-3759 | Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on f... | | |
CVE-2015-3760 | dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which all... | | |
CVE-2015-3761 | The kernel in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, whi... | | |
CVE-2015-3762 | The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attacker... | | |
CVE-2015-3763 | Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows ... | | |
CVE-2015-3764 | Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, w... | | |
CVE-2015-3765 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-3766 | The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_por... | | |
CVE-2015-3767 | udf in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service ... | | |
CVE-2015-3768 | Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to... | | |
CVE-2015-3769 | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denia... | | |
CVE-2015-3770 | IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial... | | |
CVE-2015-3771 | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denia... | | |
CVE-2015-3772 | IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denia... | | |
CVE-2015-3773 | The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cau... | | |
CVE-2015-3774 | The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle a... | | |
CVE-2015-3775 | Apple OS X before 10.10.5 does not properly implement authentication, which allows local users to ob... | | |
CVE-2015-3776 | IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code i... | | |
CVE-2015-3777 | Multiple buffer overflows in blued in the Bluetooth subsystem in Apple OS X before 10.10.5 allow loc... | | |
CVE-2015-3778 | bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentiall... | | |
CVE-2015-3779 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-3780 | The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel mem... | | |
CVE-2015-3781 | Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote at... | | |
CVE-2015-3782 | CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user... | | |
CVE-2015-3783 | SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a d... | E | |
CVE-2015-3784 | Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbi... | | |
CVE-2015-3785 | The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows l... | | |
CVE-2015-3786 | The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center ... | | |
CVE-2015-3787 | The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of se... | | |
CVE-2015-3788 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | S | |
CVE-2015-3789 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | S | |
CVE-2015-3790 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | S | |
CVE-2015-3791 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | S | |
CVE-2015-3792 | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause ... | S | |
CVE-2015-3793 | CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox prote... | | |
CVE-2015-3794 | The Speech UI in Apple OS X before 10.10.5, when speech alerts are enabled, allows remote attackers ... | | |
CVE-2015-3795 | libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code ... | | |
CVE-2015-3796 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent a... | E | |
CVE-2015-3797 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent a... | | |
CVE-2015-3798 | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent a... | E | |
CVE-2015-3799 | The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passw... | | |
CVE-2015-3800 | The DiskImages component in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gai... | | |
CVE-2015-3801 | The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS bef... | | |
CVE-2015-3802 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection... | | |
CVE-2015-3803 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection... | | |
CVE-2015-3804 | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbi... | | |
CVE-2015-3805 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection... | | |
CVE-2015-3806 | Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing protection... | | |
CVE-2015-3807 | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitiv... | | |
CVE-2015-3808 | The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1... | | |
CVE-2015-3809 | The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the LBMR dissector in Wireshark 1... | | |
CVE-2015-3810 | epan/dissectors/packet-websocket.c in the WebSocket dissector in Wireshark 1.12.x before 1.12.5 uses... | | |
CVE-2015-3811 | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x befo... | | |
CVE-2015-3812 | Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 d... | S | |
CVE-2015-3813 | The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.... | | |
CVE-2015-3814 | The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee802... | | |
CVE-2015-3815 | The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.... | | |
CVE-2015-3823 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3824 | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.... | | |
CVE-2015-3825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-3837. Reason: This candidate... | R | |
CVE-2015-3826 | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android be... | | |
CVE-2015-3827 | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.... | | |
CVE-2015-3828 | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android be... | | |
CVE-2015-3829 | Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright ... | | |
CVE-2015-3830 | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoo... | E | |
CVE-2015-3831 | Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnecti... | | |
CVE-2015-3832 | Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I all... | | |
CVE-2015-3833 | The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerServi... | | |
CVE-2015-3834 | Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstag... | | |
CVE-2015-3835 | Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagef... | | |
CVE-2015-3836 | The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Andr... | | |
CVE-2015-3837 | The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.... | | |
CVE-2015-3839 | The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial o... | | |
CVE-2015-3840 | The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows loc... | E | |
CVE-2015-3842 | Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in And... | | |
CVE-2015-3843 | The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or ... | | |
CVE-2015-3844 | The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService... | | |
CVE-2015-3845 | The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M d... | | |
CVE-2015-3847 | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafte... | | |
CVE-2015-3849 | The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android be... | | |
CVE-2015-3854 | packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allow... | S | |
CVE-2015-3858 | The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48... | | |
CVE-2015-3860 | packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LM... | E | |
CVE-2015-3861 | Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in l... | | |
CVE-2015-3862 | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process cr... | | |
CVE-2015-3863 | Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before ... | | |
CVE-2015-3864 | Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright... | E | |
CVE-2015-3865 | The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a craft... | | |
CVE-2015-3867 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3868 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3869 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3870 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3871 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3872 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3873 | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3874 | The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary co... | | |
CVE-2015-3875 | libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a... | | |
CVE-2015-3876 | libstagefright in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via... | | |
CVE-2015-3877 | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or c... | | |
CVE-2015-3878 | Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to by... | | |
CVE-2015-3879 | Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a craf... | | |
CVE-2015-3880 | Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before 3.1.4 allows remote attackers to... | S | |
CVE-2015-3881 | Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via... | E | |
CVE-2015-3882 | qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/u... | E | |
CVE-2015-3883 | Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arb... | E | |
CVE-2015-3884 | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (... | E | |
CVE-2015-3885 | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to ca... | | |
CVE-2015-3886 | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers... | S | |
CVE-2015-3887 | Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileg... | S | |
CVE-2015-3888 | Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof phone numbers and trigger calls t... | E | |
CVE-2015-3890 | Use-after-free vulnerability in Open Litespeed before 1.3.10.... | | |
CVE-2015-3897 | Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 allows remote attackers to read ... | E | |
CVE-2015-3898 | Multiple open redirect vulnerabilities in Bonita BPM Portal before 6.5.3 allow remote attackers to r... | E | |
CVE-2015-3900 | RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostn... | S | |
CVE-2015-3902 | Multiple cross-site request forgery (CSRF) vulnerabilities in the setup process in phpMyAdmin 4.0.x ... | S | |
CVE-2015-3903 | libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before... | E S | |
CVE-2015-3904 | Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before ... | E S | |
CVE-2015-3905 | Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote atta... | E | |
CVE-2015-3906 | The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.1... | | |
CVE-2015-3907 | CodeIgniter Rest Server (aka codeigniter-restserver) 2.7.1 allows XXE attacks.... | E | |
CVE-2015-3908 | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's... | | |
CVE-2015-3910 | Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before ... | | |
CVE-2015-3911 | Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows remote attackers to bypass authe... | | |
CVE-2015-3912 | Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 all... | | |
CVE-2015-3913 | The IP stack in multiple Huawei Campus series switch models allows remote attackers to cause a denia... | | |
CVE-2015-3919 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-3921 | Cross-site scripting (XSS) vulnerability in contact.php in Coppermine Photo Gallery before 1.5.36 al... | | |
CVE-2015-3922 | Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote atta... | | |
CVE-2015-3923 | Coppermine Photo Gallery before 1.5.36 allows remote attackers to enumerate directories via a full p... | E | |
CVE-2015-3931 | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks ... | | |
CVE-2015-3932 | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks vi... | | |
CVE-2015-3933 | Multiple SQL injection vulnerabilities in inc/lib/User.class.php in MetalGenix GeniXCMS before 0.0.3... | E S | |
CVE-2015-3934 | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbit... | | |
CVE-2015-3935 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.5 and 3.6 allow remote att... | E | |
CVE-2015-3938 | The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote ... | | |
CVE-2015-3939 | Directory traversal vulnerability in the NC854 and NC856 modules for IDS RTU 850C devices allows rem... | | |
CVE-2015-3940 | Untrusted search path vulnerability in Schneider Electric Wonderware System Platform before 2014 R2 ... | S | |
CVE-2015-3941 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2015-3942 | Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 ... | | |
CVE-2015-3943 | Advantech WebAccess before 8.1 allows remote attackers to read sensitive cleartext information about... | | |
CVE-2015-3944 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2015-3945 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2015-3946 | Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote atta... | | |
CVE-2015-3947 | SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to e... | | |
CVE-2015-3948 | Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticat... | | |
CVE-2015-3949 | Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover clearte... | | |
CVE-2015-3950 | Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on 442SR wind turbines allows rem... | | |
CVE-2015-3951 | RLE Nova-Wind Turbine HMI devices store cleartext credentials, which allows remote attackers to obta... | | |
CVE-2015-3952 | Wireless keys are stored in plain text on Hospira Plum A+ Infusion System version 13.4 and prior, Pl... | M | |
CVE-2015-3953 | Hard-coded accounts may be used to access Hospira Plum A+ Infusion System version 13.4 and prior, Pl... | M | |
CVE-2015-3954 | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and pr... | M | |
CVE-2015-3955 | Stack-based buffer overflow in Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ot... | | |
CVE-2015-3956 | Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and pr... | M | |
CVE-2015-3957 | Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unsp... | | |
CVE-2015-3958 | Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly other versions, allows remote att... | | |
CVE-2015-3959 | The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches has a hardco... | | |
CVE-2015-3960 | The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcod... | | |
CVE-2015-3961 | The web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches ... | | |
CVE-2015-3962 | Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the clie... | | |
CVE-2015-3963 | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x befor... | S | |
CVE-2015-3964 | SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain... | | |
CVE-2015-3965 | Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanti... | | |
CVE-2015-3966 | The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allow... | | |
CVE-2015-3967 | Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices a... | S | |
CVE-2015-3968 | The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which mak... | S | |
CVE-2015-3969 | Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-c... | S | |
CVE-2015-3970 | Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 51... | S | |
CVE-2015-3971 | The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authenticati... | S | |
CVE-2015-3972 | The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values ... | S | |
CVE-2015-3973 | Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it e... | S | |
CVE-2015-3974 | EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x before 2.0.5.21, as used in Acc... | | |
CVE-2015-3975 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2015-3976 | Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and ear... | | |
CVE-2015-3977 | Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol... | | |
CVE-2015-3978 | SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords v... | | |
CVE-2015-3979 | Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers t... | | |
CVE-2015-3980 | SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers... | | |
CVE-2015-3981 | SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka ... | | |
CVE-2015-3982 | The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly f... | S | |
CVE-2015-3983 | The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie ... | | |
CVE-2015-3986 | Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The... | E | |
CVE-2015-3987 | Multiple unquoted Windows search path vulnerabilities in the (1) Client Management and (2) Gateway i... | | |
CVE-2015-3988 | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow ... | | |
CVE-2015-3989 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers... | S | |
CVE-2015-3990 | The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, Analyzer, and UMA EM5000 before 7.2... | | |
CVE-2015-3991 | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or ex... | | |
CVE-2015-3993 | Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to b... | | |
CVE-2015-3994 | The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389... | | |
CVE-2015-3995 | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary fil... | | |
CVE-2015-3996 | The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNet... | | |
CVE-2015-3998 | Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in the adsense-click-fraud-monit... | | |
CVE-2015-3999 | Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files,... | | |