Total
2803 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2015-9245 | 1 Progress | 1 Openedge | 2024-08-06 | N/A |
Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | ||||
CVE-2015-9291 | 1 Cpanel | 1 Cpanel | 2024-08-06 | N/A |
cPanel before 11.52.0.13 does not prevent arbitrary file-read operations via get_information_for_applications (CPANEL-1221). | ||||
CVE-2015-9021 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled. | ||||
CVE-2015-9024 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications. | ||||
CVE-2015-9029 | 1 Google | 1 Android | 2024-08-06 | N/A |
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | ||||
CVE-2015-9006 | 1 Google | 1 Android | 2024-08-06 | N/A |
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist. | ||||
CVE-2015-8987 | 1 Mcafee | 1 Agent | 2024-08-06 | N/A |
Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possibly rogue, ePO server via McAfee Agent migration to another ePO server. | ||||
CVE-2015-8966 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system call. | ||||
CVE-2015-8973 | 1 Mybb | 2 Merge System, Mybb | 2024-08-06 | N/A |
xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to the forum password. | ||||
CVE-2015-8838 | 1 Php | 1 Php | 2024-08-06 | N/A |
ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 uses a client SSL option to mean that SSL is optional, which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152. | ||||
CVE-2015-8801 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations before the SEP device manager recognizes a new USB device. | ||||
CVE-2015-8845 | 4 Linux, Novell, Redhat and 1 more | 10 Linux Kernel, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server and 7 more | 2024-08-06 | N/A |
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim call, which allows local users to cause a denial of service (TM Bad Thing exception and panic) via a crafted application. | ||||
CVE-2015-8832 | 1 Dotclear | 1 Dotclear | 2024-08-06 | N/A |
Multiple incomplete blacklist vulnerabilities in inc/core/class.dc.core.php in Dotclear before 2.8.2 allow remote authenticated users with "manage their own media items" and "manage their own entries and comments" permissions to execute arbitrary PHP code by uploading a file with a (1) .pht, (2) .phps, or (3) .phtml extension. | ||||
CVE-2015-8680 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2024-08-06 | N/A |
The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the graphics permission, aka an "interface access control vulnerability," a different vulnerability than CVE-2015-8307. | ||||
CVE-2015-8681 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2024-08-06 | N/A |
The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230, and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application with the camera permission, aka an "interface access control vulnerability." | ||||
CVE-2015-8697 | 1 Stalin Project | 1 Stalin | 2024-08-06 | N/A |
stalin 0.11-5 allows local users to write to arbitrary files. | ||||
CVE-2015-8679 | 1 Huawei | 4 Mate S, Mate S Firmware, P8 and 1 more | 2024-08-06 | N/A |
The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL10 before GRA-UL10C00B230 and Mate S smartphones with software CRR-TL00 before CRR-TL00C01B160SP01, CRR-UL00 before CRR-UL00C00B160, and CRR-CL00 before CRR-CL00C92B161 allow attackers to cause a denial of service (system crash) via a crafted application, which triggers an invalid memory access. | ||||
CVE-2015-8627 | 1 Mediawiki | 1 Mediawiki | 2024-08-06 | N/A |
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed. | ||||
CVE-2015-8550 | 2 Novell, Xen | 2 Suse Linux Enterprise Real Time Extension, Xen | 2024-08-06 | N/A |
Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. | ||||
CVE-2015-8523 | 1 Ibm | 1 Tivoli Storage Manager Fastback | 2024-08-06 | N/A |
The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. |