CVE-2015-7xxx

There are 928 CVE in this subgroup.
Last updated: 
← Back to 2015
ID Summary Flags Max Score
CVE-2015-7000 Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, wh...
CVE-2015-7001 AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mis...
CVE-2015-7002 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot...
CVE-2015-7003 coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, ...
CVE-2015-7004 The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app....
CVE-2015-7005 WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause ...
CVE-2015-7006 Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9...
CVE-2015-7007 Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confir...
E
CVE-2015-7008 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitr...
CVE-2015-7009 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitr...
CVE-2015-7010 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitr...
CVE-2015-7011 WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex...
CVE-2015-7012 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot...
S
CVE-2015-7013 WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to ex...
CVE-2015-7014 WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remot...
S
CVE-2015-7015 Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before...
CVE-2015-7016 The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration ...
CVE-2015-7017 CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attack...
S
CVE-2015-7018 FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitr...
CVE-2015-7019 The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users ...
CVE-2015-7020 The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users ...
CVE-2015-7021 The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or...
CVE-2015-7022 The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status inf...
CVE-2015-7023 CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-v...
CVE-2015-7024 Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intend...
CVE-2015-7025 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7026 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7027 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7028 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7029 Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which al...
CVE-2015-7030 The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified...
CVE-2015-7031 The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header config...
CVE-2015-7032 The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, an...
CVE-2015-7033 The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, an...
CVE-2015-7034 The Apple iWork application before 2.6 for iOS and Apple Pages before 5.6 allow remote attackers to ...
CVE-2015-7035 Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles argumen...
CVE-2015-7036 The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allo...
CVE-2015-7037 Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attacker...
CVE-2015-7038 Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS b...
CVE-2015-7039 Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS b...
E
CVE-2015-7040 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
CVE-2015-7041 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
CVE-2015-7042 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
CVE-2015-7043 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
CVE-2015-7044 The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which ...
CVE-2015-7045 Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain ...
CVE-2015-7046 The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchO...
CVE-2015-7047 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
E
CVE-2015-7048 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7049 otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service ...
CVE-2015-7050 WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows re...
CVE-2015-7051 MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cach...
CVE-2015-7052 kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local user...
CVE-2015-7053 ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows...
CVE-2015-7054 zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and...
CVE-2015-7055 AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to acc...
CVE-2015-7056 IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers...
CVE-2015-7057 otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service ...
CVE-2015-7058 Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACL...
CVE-2015-7059 The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remot...
CVE-2015-7060 The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remot...
CVE-2015-7061 The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remot...
CVE-2015-7062 Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-pro...
CVE-2015-7063 The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a cr...
CVE-2015-7064 OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows ...
CVE-2015-7065 OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7066 OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows ...
CVE-2015-7067 IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NU...
CVE-2015-7068 IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
CVE-2015-7069 Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary ...
CVE-2015-7070 Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary ...
CVE-2015-7071 The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protec...
CVE-2015-7072 dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation,...
CVE-2015-7073 Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote atta...
CVE-2015-7074 CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote a...
CVE-2015-7075 CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before...
CVE-2015-7076 The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileg...
CVE-2015-7077 The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileg...
E
CVE-2015-7078 Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain p...
E
CVE-2015-7079 dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attacke...
CVE-2015-7080 Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side...
CVE-2015-7081 iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary fil...
CVE-2015-7082 Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have un...
CVE-2015-7083 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
CVE-2015-7084 The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 all...
E
CVE-2015-7085 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7086 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7087 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7088 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7089 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7090 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7091 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7092 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7093 Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a cr...
CVE-2015-7094 CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle atta...
CVE-2015-7095 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7096 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7097 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7098 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7099 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7100 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7101 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7102 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7103 WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to ...
CVE-2015-7104 WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary...
CVE-2015-7105 CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 a...
CVE-2015-7106 The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileg...
E
CVE-2015-7107 QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitra...
CVE-2015-7108 The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or ca...
E
CVE-2015-7109 IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arb...
CVE-2015-7110 The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gai...
E
CVE-2015-7111 The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS befor...
CVE-2015-7112 The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS befor...
CVE-2015-7113 The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to exec...
CVE-2015-7114 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7115 libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to...
CVE-2015-7116 libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to...
CVE-2015-7117 Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of ...
CVE-2015-7118 Rejected reason: This candidate is unused by its CNA....
R
CVE-2015-7119 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7120 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7121 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7122 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7123 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7124 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7125 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7126 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7127 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7128 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7129 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7130 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7131 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7132 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7133 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7134 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7135 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7136 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7137 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7138 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7139 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7140 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7141 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7142 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7143 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7144 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7145 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7146 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7147 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7148 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7149 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7150 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7151 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7152 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7153 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7154 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7155 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7156 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7157 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7158 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7159 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7160 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7161 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7162 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7163 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7164 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7165 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7166 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7167 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7168 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7169 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7170 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7171 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7172 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7173 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7174 The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ...
CVE-2015-7175 The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ...
CVE-2015-7176 The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an...
CVE-2015-7177 The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allo...
CVE-2015-7178 The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41...
CVE-2015-7179 The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firef...
CVE-2015-7180 The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x befo...
CVE-2015-7181 The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.2...
CVE-2015-7182 Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3....
S
CVE-2015-7183 Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozi...
CVE-2015-7184 The fetch API implementation in Mozilla Firefox before 41.0.2 does not restrict access to the HTTP r...
CVE-2015-7185 Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscr...
CVE-2015-7186 Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Orig...
CVE-2015-7187 The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which m...
CVE-2015-7188 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Sa...
CVE-2015-7189 Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x befor...
CVE-2015-7190 The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL ...
CVE-2015-7191 Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows att...
CVE-2015-7192 The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the...
CVE-2015-7193 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin...
CVE-2015-7194 Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows re...
CVE-2015-7195 The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characte...
CVE-2015-7196 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow r...
CVE-2015-7197 Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web...
CVE-2015-7198 Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 a...
CVE-2015-7199 The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Fir...
CVE-2015-7200 The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38...
CVE-2015-7201 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefo...
CVE-2015-7202 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remo...
CVE-2015-7203 Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontL...
CVE-2015-7204 Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows ...
CVE-2015-7205 Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 an...
CVE-2015-7206 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7207 Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing AP...
CVE-2015-7208 Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote a...
CVE-2015-7209 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7210 Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows ...
CVE-2015-7211 Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows re...
CVE-2015-7212 Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla...
CVE-2015-7213 Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefrigh...
CVE-2015-7214 Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Sa...
CVE-2015-7215 The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allo...
CVE-2015-7216 The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly ena...
CVE-2015-7217 The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly ena...
CVE-2015-7218 The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial o...
CVE-2015-7219 The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial o...
CVE-2015-7220 Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 ...
CVE-2015-7221 Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox b...
S
CVE-2015-7222 Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Fir...
CVE-2015-7223 The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and ...
CVE-2015-7224 puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging c...
CVE-2015-7225 Tinfoil Devise-two-factor before 2.0.0 does not strictly follow section 5.2 of RFC 6238 and does not...
CVE-2015-7226 The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on...
S
CVE-2015-7227 The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissi...
S
CVE-2015-7228 The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated ...
S
CVE-2015-7229 The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and 7.x-6.x before 7.x-6.0 for Dr...
S
CVE-2015-7230 The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows remote authenticated users with ...
S
CVE-2015-7231 The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate ...
S
CVE-2015-7232 Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3...
S
CVE-2015-7233 Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal,...
S
CVE-2015-7234 The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are e...
S
CVE-2015-7235 Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin...
E S
CVE-2015-7236 Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allow...
CVE-2015-7237 Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x b...
CVE-2015-7238 The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for un...
CVE-2015-7239 SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE E...
CVE-2015-7241 XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01....
E
CVE-2015-7242 Cross-site scripting (XSS) vulnerability in the Push-Service-Mails feature in AVM FRITZ!OS before 6....
E S
CVE-2015-7243 Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers to cause a denial of service ...
E
CVE-2015-7244 The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control settin...
S
CVE-2015-7245 Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W20...
E
CVE-2015-7246 D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of roo...
E
CVE-2015-7247 D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, password...
E
CVE-2015-7248 ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote attackers to discover usern...
E
CVE-2015-7249 ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow remote authenticated users to bypa...
E
CVE-2015-7250 Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bh...
E
CVE-2015-7251 ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for th...
E
CVE-2015-7252 Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE...
E
CVE-2015-7253 The Web Console in Commvault Edge Server 10 R2 allows remote attackers to execute arbitrary OS comma...
CVE-2015-7254 Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows remote attacke...
E
CVE-2015-7255 ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-un...
M
CVE-2015-7256 ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663...
CVE-2015-7257 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authentica...
E
CVE-2015-7258 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authentica...
E
CVE-2015-7259 ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow user accounts to ...
E
CVE-2015-7260 Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the L...
S
CVE-2015-7261 The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before ...
CVE-2015-7262 QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remot...
CVE-2015-7263 The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking...
CVE-2015-7264 The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, whic...
CVE-2015-7265 Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attack...
CVE-2015-7266 The Interactive Advertising Bureau (IAB) OpenRTB 2.3 protocol implementation might allow remote atta...
E M
CVE-2015-7267 Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives,...
CVE-2015-7268 Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives,...
CVE-2015-7269 Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops w...
CVE-2015-7270 Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows dire...
CVE-2015-7271 Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in ...
CVE-2015-7272 Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows atta...
CVE-2015-7273 Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE....
CVE-2015-7274 Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute ar...
CVE-2015-7275 Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS....
CVE-2015-7276 Technicolor C2000T and C2100T uses hard-coded cryptographic keys....
CVE-2015-7277 The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a defau...
CVE-2015-7278 Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2...
CVE-2015-7279 Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper algorithm for selecting the ID ...
CVE-2015-7280 The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default p...
CVE-2015-7281 Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 ...
CVE-2015-7282 ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source port number for every DNS query...
CVE-2015-7283 The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a defaul...
CVE-2015-7284 Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)...
CVE-2015-7285 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from...
E
CVE-2015-7286 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitut...
E
CVE-2015-7287 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN ac...
E
CVE-2015-7288 CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify t...
E
CVE-2015-7289 Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 ha...
CVE-2015-7290 Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG8...
CVE-2015-7291 Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Ar...
CVE-2015-7292 Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon F...
CVE-2015-7293 Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and ea...
E
CVE-2015-7294 ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP injection attacks via a crafted u...
S
CVE-2015-7295 hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable...
CVE-2015-7296 Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with fir...
S
CVE-2015-7297 SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary...
E
CVE-2015-7298 ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNe...
CVE-2015-7299 SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 fo...
E
CVE-2015-7303 Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote...
CVE-2015-7304 Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allo...
S
CVE-2015-7305 The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, whic...
S
CVE-2015-7306 The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions,...
S
CVE-2015-7307 Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal...
S
CVE-2015-7309 The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which a...
E S
CVE-2015-7310 McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enter...
CVE-2015-7311 libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the ...
CVE-2015-7312 Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.pat...
E
CVE-2015-7313 LibTIFF allows remote attackers to cause a denial of service (memory consumption and crash) via a cr...
CVE-2015-7314 The Precious module in gollum before 4.0.1 allows remote attackers to read arbitrary files by levera...
S
CVE-2015-7315 Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 thr...
S
CVE-2015-7316 Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 t...
S
CVE-2015-7317 Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows ...
CVE-2015-7318 Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses....
S
CVE-2015-7319 SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment...
S
CVE-2015-7320 Multiple cross-site scripting (XSS) vulnerabilities in cpabc_appointments_admin_int_bookings_list.in...
S
CVE-2015-7322 The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) befo...
E
CVE-2015-7323 The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) befo...
E
CVE-2015-7324 Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento...
E
CVE-2015-7326 XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3....
E S
CVE-2015-7327 Mozilla Firefox before 41.0 does not properly restrict the availability of High Resolution Time API ...
E
CVE-2015-7328 Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world...
CVE-2015-7330 Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to bypass a host whitelist protecti...
CVE-2015-7331 The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbi...
CVE-2015-7333 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privileg...
CVE-2015-7334 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A local privileg...
CVE-2015-7335 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A race condition...
CVE-2015-7336 MITRE is populating this ID because it was assigned prior to Lenovo becoming a CNA. A vulnerability ...
CVE-2015-7337 The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote at...
CVE-2015-7338 SQL Injection exists in AcyMailing Joomla Component before 4.9.5 via exportgeolocorder in a geolocat...
E
CVE-2015-7339 JCE Joomla Component 2.5.0 to 2.5.2 allows arbitrary file upload via a .php file extension for an im...
E
CVE-2015-7340 JEvents Joomla Component before 3.4.0 RC6 has SQL Injection via evid in a Manage Events action....
E
CVE-2015-7341 JNews Joomla Component before 8.5.0 allows arbitrary File Upload via Subscribers or Templates, as de...
E
CVE-2015-7342 JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, S...
E
CVE-2015-7343 JNews Joomla Component before 8.5.0 has XSS via the mailingsearch parameter....
E
CVE-2015-7344 HikaShop Joomla Component before 2.6.0 has XSS via an injected payload[/caption]....
E
CVE-2015-7346 SQL injection vulnerability in ZCMS 1.1....
E
CVE-2015-7347 Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1....
E
CVE-2015-7348 Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and possibly earlier allows remote attack...
E
CVE-2015-7349 Cross-site scripting (XSS) vulnerability in the sample feedback.inc file in VASCO DIGIPASS authentic...
E M
CVE-2015-7357 Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) theme 2.3.0 before 2.7.10 for...
CVE-2015-7358 The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and ...
E
CVE-2015-7359 The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, ...
CVE-2015-7360 Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet Fo...
CVE-2015-7361 FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface ...
CVE-2015-7362 Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory tha...
CVE-2015-7363 Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x ...
CVE-2015-7364 The HTML_Quickform library, as used in Revive Adserver before 3.2.2, allows remote attackers to bypa...
S
CVE-2015-7365 Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 ...
CVE-2015-7366 Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.2.2 allow rem...
CVE-2015-7367 Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an...
CVE-2015-7368 Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses f...
S
CVE-2015-7369 The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not res...
CVE-2015-7370 Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, a...
CVE-2015-7371 Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers ...
CVE-2015-7372 Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remo...
S
CVE-2015-7373 Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2...
CVE-2015-7374 The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attack...
CVE-2015-7375 Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code ...
CVE-2015-7377 Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin...
E
CVE-2015-7378 Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" d...
E
CVE-2015-7379 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2015-7380 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2015-7381 Multiple PHP remote file inclusion vulnerabilities in install.php in Web Reference Database (aka ref...
CVE-2015-7382 SQL injection vulnerability in install.php in Web Reference Database (aka refbase) through 0.9.6 all...
CVE-2015-7383 Multiple cross-site scripting (XSS) vulnerabilities in Web Reference Database (aka refbase) through ...
CVE-2015-7384 Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service....
CVE-2015-7385 Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote a...
CVE-2015-7386 Multiple cross-site scripting (XSS) vulnerabilities in includes/metaboxes.php in the Gallery - Photo...
E
CVE-2015-7387 ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier allows remote attackers to bypass i...
E
CVE-2015-7390 SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary S...
CVE-2015-7391 Multiple cross-site scripting (XSS) vulnerabilities in TestLink before 1.9.14 allow remote attackers...
CVE-2015-7392 Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH bef...
E
CVE-2015-7393 dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 befor...
CVE-2015-7394 The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before ...
CVE-2015-7395 IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6...
CVE-2015-7396 The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and M...
CVE-2015-7397 Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 thr...
CVE-2015-7398 Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 ...
CVE-2015-7399 IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and IBM Integration Bus 9 before ...
CVE-2015-7400 The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause ...
CVE-2015-7401 IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote authenticated users to bypass...
S
CVE-2015-7402 Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 a...
CVE-2015-7403 IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0...
CVE-2015-7404 IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Pro...
CVE-2015-7407 Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows...
CVE-2015-7408 The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 and 6.x before 6.3.5.1 and 7.x b...
CVE-2015-7409 Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remot...
CVE-2015-7410 The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunctio...
CVE-2015-7411 The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 thr...
CVE-2015-7412 The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the G...
CVE-2015-7413 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0...
S
CVE-2015-7414 Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Manageme...
CVE-2015-7415 Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1...
CVE-2015-7416 AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of ser...
CVE-2015-7417 Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8....
CVE-2015-7418 IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to ...
S
CVE-2015-7419 IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a de...
CVE-2015-7420 Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers...
CVE-2015-7421 Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before 8.0.0.4 allows remote attackers...
CVE-2015-7422 Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (appl...
CVE-2015-7423 Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere Master Data Management (MDM) -...
S
CVE-2015-7424 IBM InfoSphere Master Data Management (MDM) - Collaborative Edition 9.1, 10.1, 11.0, 11.3, 11.4, and...
S
CVE-2015-7425 The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual En...
CVE-2015-7426 The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environmen...
CVE-2015-7427 IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x bef...
CVE-2015-7428 Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0...
CVE-2015-7429 The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environmen...
CVE-2015-7430 The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General ...
CVE-2015-7431 Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows ...
CVE-2015-7432 IBM Capacity Management Analytics 2.1.0.0 allows local users to decrypt usernames and passwords by l...
S
CVE-2015-7433 IBM Capacity Management Analytics 2.1.0.0 allows local users to discover cleartext usernames and pas...
S
CVE-2015-7434 IBM Capacity Management Analytics 2.1.0.0 allows local users to discover encrypted usernames and pas...
S
CVE-2015-7435 IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 th...
CVE-2015-7436 IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 th...
CVE-2015-7437 Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information ...
CVE-2015-7438 IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services inform...
CVE-2015-7439 Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM R...
CVE-2015-7440 IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before 3.0.1.6 iFix7 Interim Fix 1, 4.0....
S
CVE-2015-7441 Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced...
CVE-2015-7442 consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utili...
CVE-2015-7444 The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly repl...
S
CVE-2015-7445 IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x bef...
CVE-2015-7446 Cross-site request forgery (CSRF) vulnerability in IBM Flash System V9000 7.4 before 7.4.1.4, 7.5 be...
CVE-2015-7447 IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C...
CVE-2015-7448 SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0....
CVE-2015-7449 IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before 4.0.7 iFix10, 5.0.x before 5.0.2 ...
S
CVE-2015-7450 Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastruct...
KEV E
CVE-2015-7451 Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7...
CVE-2015-7452 IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Manag...
CVE-2015-7453 Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3....
S
CVE-2015-7454 Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager ...
S
CVE-2015-7455 IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 C...
CVE-2015-7456 IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover ...
CVE-2015-7457 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x...
CVE-2015-7458 Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 b...
S
CVE-2015-7459 Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 b...
S
CVE-2015-7460 Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 b...
S
CVE-2015-7461 XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 be...
S
CVE-2015-7462 IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-key...
CVE-2015-7463 IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2 allow ...
S
CVE-2015-7464 Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 bef...
S
CVE-2015-7465 Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reportin...
CVE-2015-7466 Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix0...
CVE-2015-7467 Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x b...
S
CVE-2015-7468 Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 bef...
S
CVE-2015-7469 Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 bef...
S
CVE-2015-7470 Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 bef...
S
CVE-2015-7471 Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management (CLM) 3....
S
CVE-2015-7472 IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C...
CVE-2015-7473 runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager c...
CVE-2015-7474 Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM Rational Engineering Lifecycle Ma...
S
CVE-2015-7484 IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 Interim Fix 1 and 4.0 before 4.0...
S
CVE-2015-7485 Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3....
S
CVE-2015-7486 Cross-site scripting (XSS) vulnerability in IBM Rational Engineering Lifecycle Manager 3.0 before 3....
S
CVE-2015-7487 IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6...
CVE-2015-7488 IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in certain LDAP File protocol co...
CVE-2015-7489 IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Wr...
CVE-2015-7490 IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 throug...
CVE-2015-7491 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x...
CVE-2015-7492 Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master...
CVE-2015-7493 IBM InfoSphere Information Server could allow a local user under special circumstances to execute co...
S
CVE-2015-7494 A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authe...
S
CVE-2015-7496 GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock s...
S
CVE-2015-7497 Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 ...
CVE-2015-7498 Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allow...
CVE-2015-7499 Heap-based buffer overflow in the xmlGROW function in parser.c in libxml2 before 2.9.3 allows contex...
S
CVE-2015-7500 The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to ...
CVE-2015-7501 Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualiza...
CVE-2015-7502 Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5....
CVE-2015-7503 Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 al...
CVE-2015-7504 Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS a...
S
CVE-2015-7505 Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows cont...
E
CVE-2015-7506 The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to caus...
CVE-2015-7507 libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of...
E
CVE-2015-7508 Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows con...
E
CVE-2015-7509 fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a deni...
CVE-2015-7510 Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines ...
E S
CVE-2015-7511 Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decrypti...
CVE-2015-7512 Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larg...
CVE-2015-7513 arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state...
S
CVE-2015-7514 OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authen...
S
CVE-2015-7515 The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows phy...
E
CVE-2015-7516 ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL...
S
CVE-2015-7517 Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for Wor...
CVE-2015-7518 Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 a...
CVE-2015-7519 agent/Core/Controller/SendRequest.cpp in Phusion Passenger before 4.0.60 and 5.0.x before 5.0.22, wh...
CVE-2015-7520 Multiple cross-site scripting (XSS) vulnerabilities in the (1) RadioGroup and (2) CheckBoxMultipleCh...
CVE-2015-7521 The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, 1.2.0 and 1.2.1, on clusters ...
CVE-2015-7522 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7523 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7524 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7525 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7526 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7527 lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows remote attackers to execute a...
E
CVE-2015-7528 Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container n...
CVE-2015-7529 sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain...
S
CVE-2015-7530 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7531 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7532 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7533 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7534 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7535 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7536 Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allows remot...
CVE-2015-7537 Cross-site request forgery (CSRF) vulnerability in Jenkins before 1.640 and LTS before 1.625.2 allow...
CVE-2015-7538 Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to bypass the CSRF protection mec...
CVE-2015-7539 The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plu...
CVE-2015-7540 The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 does not check return values ...
CVE-2015-7541 The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem be...
S
CVE-2015-7542 A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certi...
CVE-2015-7543 aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allo...
E S
CVE-2015-7544 redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3....
CVE-2015-7545 The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x ...
S
CVE-2015-7546 The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 ...
S
CVE-2015-7547 Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv ...
E S
CVE-2015-7548 OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before 12.0.1 (liberty), when using libvi...
CVE-2015-7549 The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) allows local guest OS privilege...
CVE-2015-7550 The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not pro...
CVE-2015-7551 The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8...
S
CVE-2015-7552 Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30....
CVE-2015-7553 Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, ...
CVE-2015-7554 The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of serv...
E
CVE-2015-7555 Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial ...
E
CVE-2015-7556 DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program....
E
CVE-2015-7557 The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dep...
CVE-2015-7558 librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loo...
CVE-2015-7559 It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ...
S
CVE-2015-7560 The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before...
CVE-2015-7561 Kubernetes in OpenShift3 allows remote authenticated users to use the private images of other users ...
CVE-2015-7562 Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote atta...
E S
CVE-2015-7563 Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attacke...
E S
CVE-2015-7564 Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to exec...
E S
CVE-2015-7565 Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.1...
CVE-2015-7566 The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows ph...
E
CVE-2015-7567 SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL com...
E
CVE-2015-7568 SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attac...
E S
CVE-2015-7569 SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to...
E S
CVE-2015-7570 Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attacke...
E S
CVE-2015-7571 Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitr...
E
CVE-2015-7572 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-0237. Reason: This candidate...
R
CVE-2015-7573 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7574 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7575 Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and ...
CVE-2015-7576 The http_basic_authenticate_with method in actionpack/lib/action_controller/metal/http_authenticatio...
CVE-2015-7577 activerecord/lib/active_record/nested_attributes.rb in Active Record in Ruby on Rails 3.1.x and 3.2....
CVE-2015-7578 Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem before 1.0.3 for Ruby on Ra...
CVE-2015-7579 Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer gem 1.0.2 for Ruby on Rails 4.2...
CVE-2015-7580 Cross-site scripting (XSS) vulnerability in lib/rails/html/scrubbers.rb in the rails-html-sanitizer ...
CVE-2015-7581 actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5...
CVE-2015-7582 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-2100. Reason: This candida...
R
CVE-2015-7583 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7584 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7585 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7586 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7587 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7588 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7589 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7590 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7591 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7592 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7593 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7594 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7595 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7596 SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified i...
S
CVE-2015-7597 SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories an...
S
CVE-2015-7598 SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installati...
S
CVE-2015-7599 Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4...
CVE-2015-7600 Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local...
E
CVE-2015-7601 Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows remote attackers to read arbitr...
E
CVE-2015-7602 Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows remote attackers to read arbitrar...
E
CVE-2015-7603 Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 allows remote attackers to read ...
E
CVE-2015-7604 Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.6 and S...
CVE-2015-7609 Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email b...
E
CVE-2015-7610 Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka...
S
CVE-2015-7611 Apache James Server 2.3.2, when configured with file-based user repositories, allows attackers to ex...
CVE-2015-7612 Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise M...
CVE-2015-7613 Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users...
E
CVE-2015-7614 Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC ...
S
CVE-2015-7615 Use-after-free vulnerability in a SaveAs feature in Adobe Reader and Acrobat 10.x before 10.1.16 and...
S
CVE-2015-7616 The ANVerifyComments method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13,...
S
CVE-2015-7617 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13...
S
CVE-2015-7618 The CBAutoConfigCommentRepository method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x be...
S
CVE-2015-7619 The ANShareFile2 method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acr...
S
CVE-2015-7620 The ANSendForBrowserReview method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11...
S
CVE-2015-7621 Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13...
S
CVE-2015-7622 Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC ...
E S
CVE-2015-7623 The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11...
S
CVE-2015-7624 Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC ...
S
CVE-2015-7625 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7626 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7627 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7628 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7629 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7630 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7631 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7632 Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS...
S
CVE-2015-7633 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7634 Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2....
S
CVE-2015-7635 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7636 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7637 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7638 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7639 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7640 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7641 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7642 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7643 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7644 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on W...
S
CVE-2015-7645 Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x ...
KEV E S
CVE-2015-7646 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7647 Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2....
E S
CVE-2015-7648 Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on Windows and OS X and before 11.2....
E S
CVE-2015-7649 Adobe Shockwave Player before 12.2.1.171 allows attackers to execute arbitrary code or cause a denia...
S
CVE-2015-7650 Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC ...
CVE-2015-7651 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7652 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
E S
CVE-2015-7653 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7654 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7655 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7656 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7657 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7658 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7659 Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2....
S
CVE-2015-7660 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7661 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7662 Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2....
S
CVE-2015-7663 Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on W...
S
CVE-2015-7665 Tails before 1.7 includes the wget program but does not prevent automatic fallback from passive FTP ...
CVE-2015-7666 Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_delet...
CVE-2015-7667 Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php a...
CVE-2015-7668 Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin befo...
CVE-2015-7669 Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapI...
CVE-2015-7670 Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin be...
CVE-2015-7672 Cross-site scripting (XSS) vulnerability in Centreon 2.6.1 (fixed in Centreon 18.10.0 and Centreon w...
E
CVE-2015-7673 io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remo...
S
CVE-2015-7674 Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1...
S
CVE-2015-7675 The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 al...
E
CVE-2015-7676 Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view o...
E
CVE-2015-7677 The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages dependin...
CVE-2015-7678 Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and e...
CVE-2015-7679 Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attack...
E
CVE-2015-7680 Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts dependi...
E
CVE-2015-7681 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2015-7682 Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin b...
E
CVE-2015-7683 Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allo...
E S
CVE-2015-7684 Unrestricted file upload in GLPI before 0.85.3 allows remote authenticated users to execute arbitrar...
CVE-2015-7685 GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging pe...
CVE-2015-7686 Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for...
CVE-2015-7687 Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of ...
E
CVE-2015-7691 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote ...
CVE-2015-7692 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote ...
CVE-2015-7695 The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which a...
CVE-2015-7696 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read...
CVE-2015-7697 Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bz...
CVE-2015-7698 icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via...
CVE-2015-7699 The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 a...
CVE-2015-7700 Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows att...
CVE-2015-7701 Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.7...
CVE-2015-7702 The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote ...
CVE-2015-7703 The "pidfile" or "driftfile" directives in NTP ntpd 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77, w...
CVE-2015-7704 The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to cause a...
CVE-2015-7705 The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers ...
CVE-2015-7706 Multiple cross-site scripting (XSS) vulnerabilities in Secure Data Space SDS-API before 3.5.7 allow ...
E
CVE-2015-7707 Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via t...
E
CVE-2015-7708 Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier allows remote attackers to in...
E
CVE-2015-7709 The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows r...
E
CVE-2015-7711 Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor 2.2 and earlier allows remote at...
E
CVE-2015-7712 Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and...
E
CVE-2015-7713 OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly ...
CVE-2015-7714 Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joom...
E
CVE-2015-7715 Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5...
E
CVE-2015-7716 libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code ...
CVE-2015-7717 mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain pr...
CVE-2015-7718 mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a...
CVE-2015-7723 AMD fglrx-driver before 15.7 allows local users to gain privileges via a symlink attack....
E
CVE-2015-7724 AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This...
E
CVE-2015-7725 Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.09...
CVE-2015-7726 Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in ...
CVE-2015-7727 Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73...
CVE-2015-7728 Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in ...
CVE-2015-7729 Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition...
CVE-2015-7730 SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 ...
CVE-2015-7731 SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive ...
CVE-2015-7732 The Avira Mobile Security app before 1.5.11 for iOS sends sensitive login information in cleartext....
CVE-2015-7740 Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211...
CVE-2015-7743 XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote aut...
E
CVE-2015-7744 wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese R...
E
CVE-2015-7746 NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authenti...
S
CVE-2015-7747 Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) ...
S
CVE-2015-7748 Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before ...
CVE-2015-7749 The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote atta...
CVE-2015-7750 The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with Sc...
CVE-2015-7751 Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 be...
CVE-2015-7752 The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12...
CVE-2015-7754 Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to...
CVE-2015-7755 Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6....
E
CVE-2015-7756 The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r1...
CVE-2015-7757 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7758 Gummi 0.6.5 allows local users to write to arbitrary files via a symlink attack on a temporary dot f...
CVE-2015-7759 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM 12.0.0 before HF1, when the TCP ...
CVE-2015-7760 libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network...
CVE-2015-7761 Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers...
CVE-2015-7762 rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of...
CVE-2015-7763 rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not prop...
CVE-2015-7764 Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting AES in CBC mode....
CVE-2015-7765 ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for t...
E
CVE-2015-7766 PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administra...
E
CVE-2015-7767 Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code ...
E
CVE-2015-7768 Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code ...
E
CVE-2015-7769 baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via ...
S
CVE-2015-7770 Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to...
CVE-2015-7771 Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework b...
CVE-2015-7772 Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework b...
CVE-2015-7773 Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2...
S
CVE-2015-7774 PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to...
S
CVE-2015-7775 Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to...
S
CVE-2015-7776 Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which mak...
S
CVE-2015-7777 Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows ...
S
CVE-2015-7778 Gurunavi App for iOS before 6.0.0 does not verify SSL certificates which could allow remote attacker...
CVE-2015-7779 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7780 Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0....
CVE-2015-7781 ManageEngine Firewall Analyzer before 8.0 does not restrict access permissions....
CVE-2015-7782 Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allow...
CVE-2015-7783 Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before 4.10 allows remote attackers to...
S
CVE-2015-7784 SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) Bb...
CVE-2015-7785 GANMA! App for iOS does not verify SSL certificates....
CVE-2015-7786 Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26...
CVE-2015-7787 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WP...
CVE-2015-7788 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitra...
CVE-2015-7789 ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial ...
CVE-2015-7790 Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0....
CVE-2015-7791 Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for Wo...
CVE-2015-7792 Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecifie...
CVE-2015-7793 Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger o...
CVE-2015-7794 Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a den...
CVE-2015-7795 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attacke...
CVE-2015-7796 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attacke...
CVE-2015-7797 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attacke...
CVE-2015-7798 Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attacke...
CVE-2015-7799 The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure ...
E
CVE-2015-7800 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2015-7801 Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers to execute arbitrary code via ...
E
CVE-2015-7802 gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of ...
CVE-2015-7803 The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 all...
CVE-2015-7804 Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x...
CVE-2015-7805 Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact v...
E
CVE-2015-7806 Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manage...
E
CVE-2015-7808 The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote att...
E
CVE-2015-7809 The displayBlock function Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabl...
CVE-2015-7810 libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files...
E
CVE-2015-7812 The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows lo...
S
CVE-2015-7813 Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unim...
CVE-2015-7814 Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allow...
CVE-2015-7815 Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows re...
E
CVE-2015-7816 The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows re...
E
CVE-2015-7817 Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC)...
CVE-2015-7818 The administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 an...
CVE-2015-7819 The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center...
CVE-2015-7820 Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC)...
CVE-2015-7822 Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inj...
E
CVE-2015-7823 Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows rem...
E
CVE-2015-7824 botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via ...
CVE-2015-7825 botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause ...
CVE-2015-7826 botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allo...
CVE-2015-7827 Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct millio...
CVE-2015-7828 SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attacker...
CVE-2015-7829 Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC ...
S
CVE-2015-7830 The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x...
CVE-2015-7831 In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x brefore 5.4.9 is use...
CVE-2015-7833 The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in ...
E
CVE-2015-7834 Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before ...
CVE-2015-7835 The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level...
CVE-2015-7836 Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffi...
CVE-2015-7837 The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when bo...
CVE-2015-7838 ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and...
CVE-2015-7839 SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on mana...
CVE-2015-7840 The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 all...
CVE-2015-7841 The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100...
CVE-2015-7842 Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with s...
CVE-2015-7843 The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003...
CVE-2015-7844 Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a ...
CVE-2015-7845 The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U198...
CVE-2015-7846 Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R00...
CVE-2015-7847 Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200...
CVE-2015-7848 An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation wh...
E
CVE-2015-7849 Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows rem...
S
CVE-2015-7850 ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause...
S
CVE-2015-7851 Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before...
E
CVE-2015-7852 ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial ...
S
CVE-2015-7853 The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 al...
S
CVE-2015-7854 Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x befo...
S
CVE-2015-7855 The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote...
E S
CVE-2015-7856 OpenNMS has a default password of rtc for the rtc account, which makes it easier for remote attacker...
E
CVE-2015-7857 SQL injection vulnerability in the getListQuery function in administrator/components/com_contenthist...
E
CVE-2015-7858 SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary...
E
CVE-2015-7859 The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which all...
CVE-2015-7860 Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly ...
CVE-2015-7861 Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, ...
CVE-2015-7862 Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before...
CVE-2015-7863 The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Autom...
CVE-2015-7865 nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before ...
E M
CVE-2015-7866 Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the C...
CVE-2015-7869 Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before ...
CVE-2015-7871 Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attack...
CVE-2015-7872 The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local...
CVE-2015-7873 The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows...
S
CVE-2015-7874 Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers t...
E
CVE-2015-7875 ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permi...
CVE-2015-7876 The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7...
S
CVE-2015-7877 Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal al...
S
CVE-2015-7878 Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x...
CVE-2015-7879 Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allo...
S
CVE-2015-7880 The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain s...
M
CVE-2015-7881 The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certai...
S
CVE-2015-7882 Authentication bypass when using LDAP authentication in MongoDB Enterprise Server
E
CVE-2015-7884 The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through ...
CVE-2015-7885 The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 d...
CVE-2015-7886 NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers t...
S
CVE-2015-7887 NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups....
S
CVE-2015-7888 Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VV...
CVE-2015-7889 The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR use...
E
CVE-2015-7890 Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver,...
E
CVE-2015-7891 Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Sa...
E
CVE-2015-7892 Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver f...
E
CVE-2015-7893 SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to exe...
E
CVE-2015-7894 The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G...
E
CVE-2015-7895 Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process cr...
E
CVE-2015-7896 LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a deni...
E
CVE-2015-7897 The media scanning functionality in the face recognition library in android.media.process in Samsung...
E
CVE-2015-7898 Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process cr...
E
CVE-2015-7899 The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows rem...
CVE-2015-7900 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers ...
S
CVE-2015-7901 Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authentic...
E S
CVE-2015-7902 Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error...
S
CVE-2015-7903 SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 bui...
S
CVE-2015-7904 Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x befor...
S
CVE-2015-7905 Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via ...
S
CVE-2015-7906 LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a...
CVE-2015-7907 Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 a...
CVE-2015-7908 Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote...
CVE-2015-7909 Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion...
CVE-2015-7910 Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthori...
CVE-2015-7911 Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD...
S
CVE-2015-7912 The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate be...
S
CVE-2015-7913 ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local...
S
CVE-2015-7914 Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by ...
CVE-2015-7915 Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote att...
CVE-2015-7916 Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows r...
CVE-2015-7917 Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows ...
CVE-2015-7918 Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric Pro...
CVE-2015-7919 SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently ca...
CVE-2015-7920 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...
R
CVE-2015-7921 The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS befo...
CVE-2015-7922 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...
R
CVE-2015-7923 Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations,...
CVE-2015-7924 eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in re...
CVE-2015-7925 Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows ...
CVE-2015-7926 eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, w...
CVE-2015-7927 Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote ...
CVE-2015-7928 eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password fi...
CVE-2015-7929 eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote...
CVE-2015-7930 Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote a...
CVE-2015-7931 The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the sta...
CVE-2015-7932 Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive info...
CVE-2015-7934 The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to di...
CVE-2015-7935 Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified...
CVE-2015-7936 Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remot...
CVE-2015-7937 Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx ...
CVE-2015-7938 Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authenti...
CVE-2015-7939 Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to...
CVE-2015-7940 The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, ...
CVE-2015-7941 libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers...
CVE-2015-7942 The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary ...
E
CVE-2015-7943 Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update modul...
CVE-2015-7944 The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8...
E S
CVE-2015-7945 The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8...
E S
CVE-2015-7946 MTP service exposed during emergency dialer
CVE-2015-7947 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7948 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7949 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7950 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7951 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7952 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7953 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7954 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7955 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2015-7956 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual...
R
CVE-2015-7957 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual...
R
CVE-2015-7958 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual...
R
CVE-2015-7959 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual...
R
CVE-2015-7960 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual...
R
CVE-2015-7961 SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installati...
S
CVE-2015-7962 SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installatio...
S
CVE-2015-7963 SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation director...
S
CVE-2015-7964 SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directorie...
S
CVE-2015-7965 SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation dire...
S
CVE-2015-7966 SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation dire...
S
CVE-2015-7967 SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified instal...
S
CVE-2015-7968 nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for...
E
CVE-2015-7969 Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with cert...
CVE-2015-7970 The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not ...
CVE-2015-7971 Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pm...
CVE-2015-7972 The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function i...
CVE-2015-7973 NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-mid...
CVE-2015-7974 NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys whe...
E
CVE-2015-7975 The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 does not properly validate the le...
CVE-2015-7976 The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does...
CVE-2015-7977 ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of serv...
CVE-2015-7978 NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (s...
CVE-2015-7979 NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (cli...
CVE-2015-7980 Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupa...
S
CVE-2015-7981 The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and...
E S
CVE-2015-7984 Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware be...
E
CVE-2015-7985 Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which a...
CVE-2015-7986 The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote attackers to execute arbitrary ...
E
CVE-2015-7987 Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write t...
CVE-2015-7988 The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to e...
CVE-2015-7989 Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows rem...
S
CVE-2015-7990 Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 all...
CVE-2015-7991 The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers t...
CVE-2015-7992 SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of ...
CVE-2015-7993 The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_R...
CVE-2015-7994 The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute...
CVE-2015-7995 The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is...
E
CVE-2015-7996 The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before...
S
CVE-2015-7997 Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application...
S
CVE-2015-7998 The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gatewa...
S
CVE-2015-7999 Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Cente...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.