| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
33751 |
CVE-2015-7969 |
399 |
|
DoS |
2015-10-30 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. |
|
33752 |
CVE-2015-7967 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
33753 |
CVE-2015-7966 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. |
|
33754 |
CVE-2015-7965 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. |
|
33755 |
CVE-2015-7964 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
33756 |
CVE-2015-7963 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
33757 |
CVE-2015-7962 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
33758 |
CVE-2015-7961 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
33759 |
CVE-2015-7945 |
200 |
|
+Info |
2017-08-18 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results. |
|
33760 |
CVE-2015-7944 |
399 |
|
DoS |
2017-08-18 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation. |
|
33761 |
CVE-2015-7943 |
601 |
|
|
2017-10-18 |
2017-11-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. |
|
33762 |
CVE-2015-7942 |
119 |
|
DoS Overflow |
2015-11-18 |
2017-09-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
|
33763 |
CVE-2015-7941 |
119 |
|
DoS Overflow |
2015-11-18 |
2017-09-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. |
|
33764 |
CVE-2015-7940 |
310 |
|
|
2015-11-09 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." |
|
33765 |
CVE-2015-7936 |
352 |
|
CSRF |
2015-12-22 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. |
|
33766 |
CVE-2015-7935 |
200 |
|
+Info |
2015-12-22 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. |
|
33767 |
CVE-2015-7934 |
200 |
|
+Info |
2015-12-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. |
|
33768 |
CVE-2015-7932 |
200 |
|
+Info |
2015-12-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. |
|
33769 |
CVE-2015-7931 |
20 |
|
+Info |
2015-12-23 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. |
|
33770 |
CVE-2015-7929 |
200 |
|
+Info |
2015-12-23 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. |
|
33771 |
CVE-2015-7928 |
200 |
|
+Info |
2015-12-23 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
|
33772 |
CVE-2015-7927 |
79 |
|
XSS |
2015-12-23 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
33773 |
CVE-2015-7926 |
200 |
|
+Info |
2015-12-23 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. |
|
33774 |
CVE-2015-7925 |
352 |
|
CSRF |
2015-12-23 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot. |
|
33775 |
CVE-2015-7921 |
255 |
|
Bypass |
2016-04-06 |
2016-04-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. |
|
33776 |
CVE-2015-7919 |
264 |
|
DoS |
2015-12-21 |
2015-12-21 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. |
|
33777 |
CVE-2015-7918 |
119 |
|
Exec Code Overflow |
2015-12-15 |
2015-12-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. |
|
33778 |
CVE-2015-7917 |
|
|
+Priv |
2015-12-22 |
2016-11-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
33779 |
CVE-2015-7916 |
79 |
|
XSS |
2016-02-06 |
2016-12-02 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. |
|
33780 |
CVE-2015-7907 |
22 |
|
Dir. Trav. Bypass |
2015-12-21 |
2015-12-22 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. |
|
33781 |
CVE-2015-7904 |
|
|
Exec Code |
2015-10-28 |
2015-10-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. |
|
33782 |
CVE-2015-7903 |
89 |
|
Exec Code Sql |
2015-10-28 |
2015-10-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
|
33783 |
CVE-2015-7902 |
200 |
|
+Info |
2015-10-28 |
2015-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. |
|
33784 |
CVE-2015-7901 |
78 |
|
Exec Code |
2015-10-28 |
2017-09-15 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
|
33785 |
CVE-2015-7900 |
200 |
|
+Info |
2015-10-28 |
2015-10-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page. |
|
33786 |
CVE-2015-7899 |
284 |
|
+Info |
2015-10-29 |
2015-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
|
33787 |
CVE-2015-7898 |
284 |
|
DoS |
2017-06-27 |
2017-07-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). |
|
33788 |
CVE-2015-7896 |
119 |
|
DoS Overflow Mem. Corr. |
2017-08-24 |
2017-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. |
|
33789 |
CVE-2015-7895 |
284 |
|
DoS |
2017-06-27 |
2017-07-03 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). |
|
33790 |
CVE-2015-7894 |
119 |
|
DoS Exec Code Overflow |
2017-08-09 |
2017-08-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG. |
|
33791 |
CVE-2015-7893 |
20 |
|
|
2017-04-11 |
2017-04-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. |
|
33792 |
CVE-2015-7891 |
362 |
|
|
2017-08-02 |
2017-08-04 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. |
|
33793 |
CVE-2015-7889 |
275 |
|
+Info |
2017-12-27 |
2018-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. |
|
33794 |
CVE-2015-7887 |
284 |
|
|
2017-08-07 |
2017-08-10 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. |
|
33795 |
CVE-2015-7886 |
200 |
|
+Info |
2016-01-18 |
2017-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. |
|
33796 |
CVE-2015-7885 |
200 |
|
+Info |
2015-12-28 |
2016-12-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
33797 |
CVE-2015-7884 |
200 |
|
+Info |
2015-12-28 |
2016-12-07 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory via a crafted application. |
|
33798 |
CVE-2015-7882 |
287 |
|
|
2019-07-19 |
2019-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Improper handling of LDAP authentication in MongoDB Server versions 3.0.0 to 3.0.6 allows an unauthenticated client to gain unauthorized access. |
|
33799 |
CVE-2015-7881 |
284 |
|
Bypass |
2015-10-26 |
2015-10-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment. |
|
33800 |
CVE-2015-7880 |
200 |
|
+Info |
2017-09-13 |
2017-09-26 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and knowledge of usernames. |
