CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6151 CVE-2015-3863 189 Exec Code Overflow 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the Blob class in keystore/keystore.cpp in Keystore in Android before 5.1.1 LMY48M allow attackers to execute arbitrary code and read arbitrary Keystore keys via an application that uses a crafted blob in an insert operation, aka internal bug 22802399.
6152 CVE-2015-3858 264 Bypass 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646.
6153 CVE-2015-3849 264 Exec Code 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255.
6154 CVE-2015-3843 264 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171.
6155 CVE-2015-3842 119 Exec Code Overflow 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in libeffects in the Audio Policy Service in mediaserver in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application, aka internal bug 21953516.
6156 CVE-2015-3837 20 Exec Code 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.
6157 CVE-2015-3836 189 DoS Exec Code Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860.
6158 CVE-2015-3835 119 Exec Code Overflow 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the OMXNodeInstance::emptyBuffer function in omx/OMXNodeInstance.cpp in libstagefright in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 20634516.
6159 CVE-2015-3834 189 Exec Code Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489.
6160 CVE-2015-3832 119 Exec Code Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538.
6161 CVE-2015-3831 119 Exec Code Overflow 2015-09-30 2015-10-01
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the readAt function in BpMediaHTTPConnection in media/libmedia/IMediaHTTPConnection.cpp in the mediaserver service in Android before 5.1.1 LMY48I allows attackers to execute arbitrary code via a crafted application, aka internal bug 19400722.
6162 CVE-2015-3829 189 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261.
6163 CVE-2015-3828 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826.
6164 CVE-2015-3827 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not validate the relationship between chunk sizes and skip sizes, which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted MPEG-4 covr atoms, aka internal bug 20923261.
6165 CVE-2015-3824 119 DoS Exec Code Overflow Mem. Corr. 2015-09-30 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261.
6166 CVE-2015-3823 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999.
6167 CVE-2015-3799 255 2015-08-16 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers to change arbitrary user passwords via a crafted app.
6168 CVE-2015-3795 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app that sends a malformed XPC message.
6169 CVE-2015-3776 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption and application crash) via a malformed plist.
6170 CVE-2015-3770 119 DoS Exec Code Overflow Mem. Corr. 2015-08-16 2017-09-20
9.3
None Remote Medium Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-5783.
6171 CVE-2015-3768 189 Exec Code Overflow 2015-08-16 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted app that makes unspecified IOKit API calls.
6172 CVE-2015-3712 119 DoS Exec Code Overflow 2015-07-02 2017-09-21
9.3
Admin Remote Medium Not required Complete Complete Complete
The NVIDIA graphics driver in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (out-of-bounds write) via a crafted app.
6173 CVE-2015-3708 2015-07-02 2017-09-21
8.8
None Remote Medium Not required None Complete Complete
kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack.
6174 CVE-2015-3707 DoS Exec Code 2015-07-02 2017-09-21
9.3
Admin Remote Medium Not required Complete Complete Complete
The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app.
6175 CVE-2015-3706 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3705.
6176 CVE-2015-3705 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3706.
6177 CVE-2015-3704 264 Exec Code 2015-07-02 2017-09-21
9.3
Admin Remote Medium Not required Complete Complete Complete
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
6178 CVE-2015-3693 254 DoS +Priv Mem. Corr. 2015-07-02 2016-12-05
9.3
None Remote Medium Not required Complete Complete Complete
Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not properly set refresh rates for DDR3 RAM, which might make it easier for remote attackers to conduct row-hammer attacks, and consequently gain privileges or cause a denial of service (memory corruption), by triggering certain patterns of access to memory locations.
6179 CVE-2015-3691 284 Exec Code 2015-07-02 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
The Monitor Control Command Set kernel extension in the Display Drivers subsystem in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages control of a function pointer.
6180 CVE-2015-3683 119 DoS Exec Code Overflow Mem. Corr. 2015-07-02 2017-09-21
9.3
None Remote Medium Not required Complete Complete Complete
The Bluetooth HCI interface implementation in Apple OS X before 10.10.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
6181 CVE-2015-3654 284 +Priv 2017-08-29 2017-09-06
9.0
None Remote Low Single system Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-4649.
6182 CVE-2015-3653 284 DoS +Priv 2017-08-29 2017-09-05
9.0
None Remote Low Single system Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequently cause a denial of service or gain privileges by leveraging incorrect permission checking.
6183 CVE-2015-3628 264 +Priv 2015-12-07 2019-06-06
9.0
None Remote Low Single system Complete Complete Complete
The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM 11.3.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP AAM 11.4.0 before 11.5.3 HF2 and 11.6.0 before 11.6.0 HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.3.0, BIG-IP GTM 11.3.0 before 11.6.0 HF6, BIG-IP PSM 11.3.0 through 11.4.1, Enterprise Manager 3.1.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote authenticated users with the "Resource Administrator" role to gain privileges via an iCall (1) script or (2) handler in a SOAP request to iControl/iControlPortal.cgi.
6184 CVE-2015-3621 20 +Priv 2015-07-16 2015-07-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in SAP Enterprise Central Component (ECC) allows local users to gain privileges via a Trojan horse program.
6185 CVE-2015-3459 264 2015-04-29 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
The communication module on the Hospira LifeCare PCA Infusion System before 7.0 does not require authentication for root TELNET sessions, which allows remote attackers to modify the pump configuration via unspecified commands.
6186 CVE-2015-3446 94 Exec Code 2015-05-01 2016-12-05
9.3
None Remote Medium Not required Complete Complete Complete
The Framework Daemon in AlienVault Unified Security Management before 4.15 allows remote attackers to execute arbitrary Python code via a crafted plugin configuration file (.cfg).
6187 CVE-2015-3441 77 Exec Code 2017-01-05 2017-01-17
9.0
None Remote Low Single system Complete Complete Complete
The Parental Control panel in Genexis devices with DRGOS before 1.14.1 allows remote authenticated users to execute arbitrary CLI commands via the (1) start_hour, (2) start_minute, (3) end_hour, (4) end_minute, or (5) hostname parameter.
6188 CVE-2015-3435 264 Exec Code 2015-05-01 2016-12-05
10.0
None Remote Low Not required Complete Complete Complete
Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.
6189 CVE-2015-3431 78 Exec Code 2017-09-19 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities."
6190 CVE-2015-3408 77 Exec Code 2015-05-19 2017-11-03
10.0
None Remote Low Not required Complete Complete Complete
Module::Signature before 0.74 allows remote attackers to execute arbitrary shell commands via a crafted SIGNATURE file which is not properly handled when generating checksums from a signed manifest.
6191 CVE-2015-3331 119 DoS Exec Code Overflow 2015-05-27 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.
6192 CVE-2015-3306 284 2015-05-18 2017-01-02
10.0
None Remote Low Not required Complete Complete Complete
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
6193 CVE-2015-3292 17 Exec Code 2015-05-31 2016-12-02
10.0
None Remote Low Not required Complete Complete Complete
The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 and 3.x before 3.0P1 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors.
6194 CVE-2015-3188 264 Exec Code 2017-01-13 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote attackers to execute arbitrary code via unspecified vectors.
6195 CVE-2015-3144 119 DoS Overflow 2015-04-24 2018-10-16
9.0
None Remote Low Single system Complete Complete Complete
The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80."
6196 CVE-2015-3137 Exec Code 2015-07-09 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.
6197 CVE-2015-3136 Exec Code 2015-07-09 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3118, CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.
6198 CVE-2015-3135 119 Exec Code Overflow 2015-07-09 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-4432 and CVE-2015-5118.
6199 CVE-2015-3134 119 DoS Exec Code Overflow Mem. Corr. 2015-07-09 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3133, and CVE-2015-4431.
6200 CVE-2015-3133 119 DoS Exec Code Overflow Mem. Corr. 2015-07-09 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3117, CVE-2015-3123, CVE-2015-3130, CVE-2015-3134, and CVE-2015-4431.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.