Total
347432 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7892 | 1 Samsung | 1 M2m1shot Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call. | |||||
| CVE-2015-7890 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. | |||||
| CVE-2015-7882 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. | |||||
| CVE-2015-7874 | 1 Portapps | 1 Kitty Portable | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2015-7851 | 1 Ntp | 1 Ntp | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | |||||
| CVE-2015-7831 | 1 Cloudera | 1 Cdh | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Cloudera Hue, there is privilege escalation by a read-only user when CDH 5.x before 5.4.9 is used. | |||||
| CVE-2015-7810 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-11-21 | 3.3 LOW | 4.7 MEDIUM |
| libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | |||||
| CVE-2015-7731 | 1 Sap | 1 Mobile Platform | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830. | |||||
| CVE-2015-7610 | 2 Synacor, Zimbra | 2 Zimbra Collaboration Suite, Zimbra Collaboration Suite | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in the login form in Zimbra Collaboration Suite (aka ZCS) before 8.6.0 Patch 10, 8.7.x before 8.7.11 Patch 2, and 8.8.x before 8.8.8 Patch 1 allows remote attackers to hijack the authentication of unspecified victims by leveraging failure to use a CSRF token. | |||||
| CVE-2015-7609 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Synacor Zimbra Mail Client 8.6 before 8.6.0 Patch 5 has XSS via the error/warning dialog and email body content in Zimbra. | |||||
| CVE-2015-7598 | 1 Gemalto | 1 Safenet Authentication Service Tokenvalidator Proxy Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7597 | 1 Gemalto | 1 Safenet Authentication Service Iis Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service IIS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7596 | 1 Gemalto | 1 Safenet Authentication Service End User Software Tools For Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| SafeNet Authentication Service End User Software Tools for Windows uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | |||||
| CVE-2015-7567 | 1 Yeager | 1 Yeager Cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter. | |||||
| CVE-2015-7559 | 2 Apache, Redhat | 3 Activemq, Jboss A-mq, Jboss Fuse | 2024-11-21 | 4.0 MEDIUM | 2.7 LOW |
| It was found that the Apache ActiveMQ client before 5.14.5 exposed a remote shutdown command in the ActiveMQConnection class. An attacker logged into a compromised broker could use this flaw to achieve denial of service on a connected client. | |||||
| CVE-2015-7556 | 1 Delegate | 1 Delegate | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| DeleGate 9.9.13 allows local users to gain privileges as demonstrated by the dgcpnod setuid program. | |||||
| CVE-2015-7542 | 3 Aquamaniac, Debian, Opensuse | 3 Gwenhywfar, Debian Linux, Leap | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | |||||
| CVE-2015-7508 | 1 Netsurf-browser | 1 Libnsbmp | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file. | |||||
| CVE-2015-7507 | 1 Netsurf-browser | 1 Libnsbmp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. | |||||
| CVE-2015-7506 | 1 Netsurf-browser | 1 Libnsgif | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF file. | |||||
