CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2015-4525 Exec Code 2015-07-04 2015-07-04
0.0
None ??? ??? ??? ??? ??? ???
The log-gather implementation in the web administration interface in EMC Isilon OneFS 6.5.x.x through 7.1.1.x before 7.1.1.5 and 7.2.0.x before 7.2.0.2 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
2 CVE-2015-4524 Exec Code 2015-07-04 2015-07-04
0.0
None ??? ??? ??? ??? ??? ???
Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18, 7.1 before P15, and 7.2 before P01; Documentum Digital Assets Manager 6.5SP6 before P25; Documentum Web Publishers 6.5 SP7 before P25; and Documentum Task Space 6.7SP1 before P31 and 6.7SP2 before P23 allows remote authenticated users to execute arbitrary code by uploading a file to the backend Content Server.
3 CVE-2015-4453 Bypass +Info 2015-07-04 2015-07-04
0.0
None ??? ??? ??? ??? ??? ???
The web interface in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch 2 allows remote attackers to bypass authentication and obtain sensitive information via unspecified vectors.
4 CVE-2015-4239 DoS 2015-07-03 2015-07-03
0.0
None ??? ??? ??? ??? ??? ???
Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and 100.13(0.21) allows remote attackers to cause a denial of service (device reload) by sending crafted OSPFv2 packets on the local network, aka Bug ID CSCus84220.
5 CVE-2015-4237 Exec Code 2015-07-03 2015-07-03
0.0
None ??? ??? ??? ??? ??? ???
The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.
6 CVE-2015-4234 2015-07-03 2015-07-03
0.0
None ??? ??? ??? ??? ??? ???
Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS configuration, which allows local users to obtain root access via unspecified input to the Python interpreter, aka Bug IDs CSCun02887, CSCur00115, and CSCur00127.
7 CVE-2015-4232 Exec Code 2015-07-03 2015-07-03
0.0
None ??? ??? ??? ??? ??? ???
Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856.
8 CVE-2015-4231 Bypass 2015-07-03 2015-07-03
0.0
None ??? ??? ??? ??? ??? ???
The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices allows local users to bypass intended access restrictions and delete an arbitrary VDC's files by leveraging administrative privileges in one VDC, aka Bug ID CSCur08416.
9 CVE-2015-4196 2015-07-04 2015-07-04
0.0
None ??? ??? ??? ??? ??? ???
Platform Software before 4.4.5 in Cisco Unified Communications Domain Manager (CDM) 8.x has a hardcoded password for a privileged account, which allows remote attackers to obtain root access by leveraging knowledge of this password and entering it in an SSH session, aka Bug ID CSCuq45546.
10 CVE-2015-4129 Exec Code Sql 2015-07-05 2015-07-05
0.0
None ??? ??? ??? ??? ??? ???
SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie.
11 CVE-2015-3728 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID within an 802.11 network's coverage area.
12 CVE-2015-3727 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which allows remote attackers to access an arbitrary web site's database via a crafted web site.
13 CVE-2015-3726 Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card.
14 CVE-2015-3725 DoS 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted universal provisioning profile app.
15 CVE-2015-3724 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3723.
16 CVE-2015-3723 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulnerability than CVE-2015-3724.
17 CVE-2015-3722 DoS 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal provisioning profile app.
18 CVE-2015-3721 +Info 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app.
19 CVE-2015-3720 +Info 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app.
20 CVE-2015-3719 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3694.
21 CVE-2015-3718 Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a "type confusion" issue.
22 CVE-2015-3717 DoS Exec Code Overflow 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.
23 CVE-2015-3716 Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library.
24 CVE-2015-3715 Bypass 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrictions via a crafted library.
25 CVE-2015-3714 Bypass 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Apple OS X before 10.10.4 does not properly consider custom resource rules during app signature verification, which allows attackers to bypass intended launch restrictions via a modified app.
26 CVE-2015-3713 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file.
27 CVE-2015-3712 DoS Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
28 CVE-2015-3711 +Info 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
29 CVE-2015-3710 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message.
30 CVE-2015-3709 Bypass 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation.
31 CVE-2015-3708 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack.
32 CVE-2015-3707 DoS Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
33 CVE-2015-3706 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.
34 CVE-2015-3705 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.
35 CVE-2015-3704 Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
36 CVE-2015-3703 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image.
37 CVE-2015-3702 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3701.
38 CVE-2015-3701 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, and CVE-2015-3702.
39 CVE-2015-3700 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3701, and CVE-2015-3702.
40 CVE-2015-3699 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
41 CVE-2015-3698 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3697, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
42 CVE-2015-3697 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3696, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
43 CVE-2015-3696 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3695, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
44 CVE-2015-3695 Overflow +Priv 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Buffer overflow in the Intel Graphics Driver in Apple OS X before 10.10.4 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-3696, CVE-2015-3697, CVE-2015-3698, CVE-2015-3699, CVE-2015-3700, CVE-2015-3701, and CVE-2015-3702.
45 CVE-2015-3694 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-3719.
46 CVE-2015-3693 DoS +Priv Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
47 CVE-2015-3692 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI flash attacks by leveraging root privileges.
48 CVE-2015-3691 Exec Code 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
49 CVE-2015-3690 +Info 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app.
50 CVE-2015-3689 DoS Exec Code Mem. Corr. 2015-07-02 2015-07-02
0.0
None ??? ??? ??? ??? ??? ???
CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulnerability than CVE-2015-3685, CVE-2015-3686, CVE-2015-3687, and CVE-2015-3688.
Total number of vulnerabilities : 155   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.