CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-7444 200 +Info 2015-09-01 2015-09-02
5.0
None Remote Low Not required Partial None None
The Special:Contributions page in MediaWiki before 1.22.0 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
2 CVE-2014-7216 119 DoS Exec Code Overflow 2015-09-11 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) shortcut or (2) title keys in an emoticons.xml file.
3 CVE-2014-7915 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
4 CVE-2014-7916 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
5 CVE-2014-7917 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
6 CVE-2014-8611 119 DoS Exec Code Overflow 2015-09-18 2016-04-06
6.9
None Local Medium Not required Complete Complete Complete
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application.
7 CVE-2014-8778 94 Exec Code Bypass 2015-09-16 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.Permissions.PermissionState.Unrestricted or (2) System.Security.Permissions.SecurityPermissionFlag.AllFlags permission.
8 CVE-2014-9202 119 Exec Code Overflow 2015-09-27 2015-09-29
6.9
None Local Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in an unspecified DLL file in Advantech WebAccess before 8.0_20150816 allow remote attackers to execute arbitrary code via a crafted file that triggers long string arguments to functions.
9 CVE-2014-9208 119 Exec Code Overflow 2015-09-11 2017-09-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
10 CVE-2014-9227 +Priv 2015-09-20 2017-09-22
4.4
None Local Medium Not required Partial Partial Partial
Multiple untrusted search path vulnerabilities in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow local users to gain privileges via a Trojan horse DLL in an unspecified directory.
11 CVE-2014-9228 399 DoS 2015-09-20 2017-09-22
4.9
None Local Low Not required None None Complete
sysplant.sys in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allows local users to cause a denial of service (blocked system shutdown) by triggering an unspecified deadlock condition.
12 CVE-2014-9229 89 Exec Code Sql 2015-09-20 2017-09-22
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in interface PHP scripts in the Manager component in Symantec Endpoint Protection (SEP) before 12.1.6 allow remote authenticated users to execute arbitrary SQL commands by leveraging the Limited Administrator role.
13 CVE-2014-9605 287 Sql Bypass 2015-09-04 2015-09-04
9.4
None Remote Low Not required Complete None Complete
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.
14 CVE-2014-9745 399 DoS 2015-09-14 2018-10-30
5.0
None Remote Low Not required None None Partial
The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (infinite loop) via a "broken number-with-base" in a Postscript stream, as demonstrated by 8#garbage.
15 CVE-2015-0299 79 XSS 2015-09-29 2015-09-30
4.0
None Remote Low Single system None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
16 CVE-2015-0852 189 DoS Mem. Corr. 2015-09-29 2019-01-16
5.0
None Remote Low Not required None None Partial
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.
17 CVE-2015-1173 284 +Priv 2015-09-16 2015-09-17
7.5
None Remote Low Not required Partial Partial Partial
Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges via crafted "received parameters."
18 CVE-2015-1291 264 DoS Bypass 2015-09-03 2016-12-21
6.4
None Remote Low Not required Partial None Partial
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web site with crafted JavaScript code and IFRAME elements.
19 CVE-2015-1292 264 Bypass 2015-09-03 2016-12-21
5.0
None Remote Low Not required Partial None None
The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.
20 CVE-2015-1293 264 Bypass 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
21 CVE-2015-1294 DoS 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an infinite result during an inversion calculation.
22 CVE-2015-1295 DoS 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.
23 CVE-2015-1296 254 2015-09-03 2016-12-21
5.0
None Remote Low Not required None Partial None
The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier for remote attackers to spoof the SSL lock icon by placing one of these characters at the end of a URL, as demonstrated by the omnibox in localizations for right-to-left languages.
24 CVE-2015-1297 254 Bypass 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
25 CVE-2015-1298 254 2015-09-03 2016-12-21
4.3
None Remote Medium Not required None Partial None
The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_api.cc in Google Chrome before 45.0.2454.85 does not ensure that the setUninstallURL preference corresponds to the URL of a web site, which allows user-assisted remote attackers to trigger access to an arbitrary URL via a crafted extension that is uninstalled.
26 CVE-2015-1299 DoS 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging erroneous timer firing, related to ThreadTimers.cpp and Timer.cpp.
27 CVE-2015-1300 254 +Info 2015-09-03 2016-12-21
5.0
None Remote Low Not required Partial None None
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.
28 CVE-2015-1301 DoS 2015-09-03 2016-12-21
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
29 CVE-2015-1319 20 2015-09-17 2015-09-21
2.1
None Local Low Not required None Partial None
The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive.
30 CVE-2015-1516 79 XSS 2015-09-03 2015-09-04
3.5
None Remote Medium Single system None Partial None
Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
31 CVE-2015-1528 189 DoS Overflow Mem. Corr. 2015-09-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.
32 CVE-2015-1536 189 DoS Overflow +Info 2015-09-30 2015-10-01
8.5
None Remote Low Not required Partial None Complete
Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945.
33 CVE-2015-1538 189 Exec Code Overflow 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
34 CVE-2015-1539 189 Exec Code 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.
35 CVE-2015-1541 284 Bypass 2015-09-30 2015-10-01
4.3
None Remote Medium Not required Partial None None
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.
36 CVE-2015-1781 119 DoS Exec Code Overflow 2015-09-28 2016-12-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.
37 CVE-2015-1841 17 Bypass 2015-09-08 2015-09-09
3.7
None Local High Not required Partial Partial Partial
The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to bypass the timeout function by selecting a VM in the VM grid view.
38 CVE-2015-1943 399 DoS 2015-09-14 2016-12-21
7.8
None Remote Low Not required None None Complete
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
39 CVE-2015-2013 399 DoS 2015-09-13 2016-12-21
5.0
None Remote Low Not required None None Partial
IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call.
40 CVE-2015-2136 200 Bypass +Info 2015-09-16 2015-09-17
4.0
None Remote Low Single system Partial None None
HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors.
41 CVE-2015-2483 200 +Info 2015-09-08 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability."
42 CVE-2015-2484 264 2015-09-08 2018-10-12
6.4
None Remote Low Not required None Partial Partial
Microsoft Internet Explorer 10 and 11 uses an incorrect flag during certain filesystem accesses, which allows remote attackers to delete arbitrary files via unspecified vectors, aka "Tampering Vulnerability."
43 CVE-2015-2485 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541.
44 CVE-2015-2486 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
45 CVE-2015-2487 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
46 CVE-2015-2489 264 +Priv 2015-09-08 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Elevation of Privilege Vulnerability."
47 CVE-2015-2490 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
48 CVE-2015-2491 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2485 and CVE-2015-2541.
49 CVE-2015-2492 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
50 CVE-2015-2493 119 DoS Exec Code Overflow Mem. Corr. 2015-09-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) VBScript and (2) JScript engines in Microsoft Internet Explorer 8 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
Total number of vulnerabilities : 525   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.