| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 33801 | CVE-2015-7879 | 79 | | XSS | 2017-09-11 | 2017-09-19 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary web script or HTML via note text on the admin listing page. |
| 33802 | CVE-2015-7878 | 79 | | XSS | 2017-11-06 | 2017-11-28 | 3.5 | None | Remote | Medium | Single system | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via taxonomy vocabulary and term names. |
| 33803 | CVE-2015-7875 | 264 | | | 2017-08-07 | 2017-09-28 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal does not verify the "edit" permission for the "content type" plugins that are used on Panels and similar systems to place content and functionality on a page. |
| 33804 | CVE-2015-7873 | 254 | | | 2015-10-28 | 2016-12-07 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. |
| 33805 | CVE-2015-7872 | 20 | | DoS | 2015-11-16 | 2017-01-19 | 2.1 | None | Local | Low | Not required | None | None | Partial |
The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. |
| 33806 | CVE-2015-7869 | 189 | | DoS Overflow +Priv +Info | 2015-11-24 | 2016-08-25 | 6.6 | None | Local | Medium | Not required | Complete | Partial | Complete |
Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows. |
| 33807 | CVE-2015-7863 | 254 | | Bypass | 2015-10-19 | 2016-12-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. |
| 33808 | CVE-2015-7862 | 264 | | | 2015-10-19 | 2016-12-23 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors. |
| 33809 | CVE-2015-7859 | 200 | | +Info | 2015-10-29 | 2015-10-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| 33810 | CVE-2015-7855 | 20 | | DoS | 2017-08-07 | 2017-11-09 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a mode 6 or mode 7 packet containing a long data value. |
| 33811 | CVE-2015-7854 | 119 | | DoS Exec Code Overflow | 2017-08-07 | 2017-11-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Buffer overflow in the password management functionality in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted key file. |
| 33812 | CVE-2015-7852 | 20 | | DoS | 2017-08-07 | 2018-05-17 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. |
| 33813 | CVE-2015-7850 | 119 | | DoS Overflow | 2017-08-07 | 2017-11-09 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. |
| 33814 | CVE-2015-7849 | 416 | | DoS Exec Code | 2017-08-07 | 2017-11-09 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to possibly execute arbitrary code or cause a denial of service (crash) via crafted packets. |
| 33815 | CVE-2015-7848 | 190 | | Overflow | 2017-01-06 | 2017-11-09 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct message authentication code and a valid timestamp. When processed by the NTP daemon, it leads to an immediate crash. |
| 33816 | CVE-2015-7847 | 20 | | DoS | 2017-04-02 | 2017-04-10 | 4.9 | None | Local | Low | Not required | None | None | Complete |
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack. |
| 33817 | CVE-2015-7846 | 200 | | +Info | 2017-09-25 | 2017-10-10 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. |
| 33818 | CVE-2015-7845 | 20 | | DoS | 2015-11-19 | 2015-11-20 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cause a denial of service (CLI outage) via crafted SSH packets. |
| 33819 | CVE-2015-7843 | 254 | | | 2017-10-02 | 2017-10-23 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
The management interface on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 does not limit the number of query attempts, which allows remote authenticated users to obtain credentials of higher-level users via a brute force attack. |
| 33820 | CVE-2015-7842 | 275 | | | 2017-10-09 | 2017-11-05 | 5.5 | None | Remote | Low | Single system | None | Partial | Partial |
Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V100R003C00SPC602, RH1288 V3 with software before V100R003C00SPC602, RH2288A V2 with software before V100R002C00SPC701, RH1288A V2 with software before V100R002C00SPC502, RH8100 V3 with software before V100R003C00SPC110, CH222 V3 with software before V100R001C00SPC161, CH220 V3 with software before V100R001C00SPC161, and CH121 V3 with software before V100R001C00SPC161 allow remote authenticated operators to change server information by leveraging failure to verify user permissions. |
| 33821 | CVE-2015-7837 | 254 | | Bypass | 2017-09-19 | 2017-10-05 | 2.1 | None | Local | Low | Not required | None | Partial | None |
The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. |
| 33822 | CVE-2015-7836 | 200 | | +Info | 2015-10-28 | 2017-09-14 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain sensitive information by sniffing the network for VLAN data within the padding section of an Ethernet frame. |
| 33823 | CVE-2015-7833 | 17 | | DoS | 2015-10-19 | 2017-09-12 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. |
| 33824 | CVE-2015-7830 | 20 | | DoS | 2015-11-14 | 2017-09-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause a denial of service (incorrect free and application crash) via a crafted packet that triggers interface-filter copying. |
| 33825 | CVE-2015-7829 | 264 | | | 2015-10-14 | 2016-12-08 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows mishandle junctions in the Synchronizer directory, which allows attackers to delete arbitrary files via Adobe Collaboration Sync, a related issue to CVE-2015-2428. |
| 33826 | CVE-2015-7827 | 200 | | +Info | 2016-05-13 | 2016-06-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. |
| 33827 | CVE-2015-7824 | 200 | | +Info | 2017-04-10 | 2017-04-14 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. |
| 33828 | CVE-2015-7823 | | | | 2015-10-21 | 2015-10-23 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. |
| 33829 | CVE-2015-7822 | 79 | | XSS | 2015-10-21 | 2015-10-22 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI. |
| 33830 | CVE-2015-7819 | 255 | | +Info | 2015-11-11 | 2015-11-12 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a request on port 40999, as demonstrated by an improperly encrypted password. |
| 33831 | CVE-2015-7814 | 119 | | DoS Overflow | 2015-10-30 | 2017-06-30 | 4.7 | None | Local | Medium | Not required | None | None | Complete |
Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vectors involving the destruction of a domain and using XENMEM_decrease_reservation to reduce the memory of the domain. |
| 33832 | CVE-2015-7813 | 399 | | DoS | 2015-10-30 | 2018-10-30 | 2.1 | None | Local | Low | Not required | None | None | Partial |
Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) HYPERVISOR_physdev_op hypercalls, which are not properly handled in the do_physdev_op function in arch/arm/physdev.c, or (2) HYPERVISOR_hvm_op hypercalls, which are not properly handled in the do_hvm_op function in arch/arm/hvm.c. |
| 33833 | CVE-2015-7812 | 254 | | DoS | 2015-11-17 | 2018-10-30 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multicall interface. |
| 33834 | CVE-2015-7809 | 264 | | Exec Code | 2015-11-06 | 2018-10-30 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The displayBlock function in Template.php in Sensio Labs Twig before 1.20.0, when Sandbox mode is enabled, allows remote attackers to execute arbitrary code via the _self variable in a template. |
| 33835 | CVE-2015-7804 | 189 | | DoS | 2015-12-11 | 2016-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer dereference and application crash) by including the / filename in a .zip PHAR archive. |
| 33836 | CVE-2015-7803 | | | DoS | 2015-12-11 | 2016-12-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a .phar file with a crafted TAR archive entry in which the Link indicator references a file that does not exist. |
| 33837 | CVE-2015-7802 | 119 | | DoS Overflow | 2016-04-20 | 2018-10-30 | 4.3 | None | Remote | Medium | Not required | None | None | Partial |
gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. |
| 33838 | CVE-2015-7799 | | | DoS | 2015-10-19 | 2017-03-23 | 4.9 | None | Local | Low | Not required | None | None | Complete |
The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. |
| 33839 | CVE-2015-7798 | 79 | | XSS | 2016-02-16 | 2016-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7797, CVE-2016-1149, and CVE-2016-1150. |
| 33840 | CVE-2015-7797 | 79 | | XSS | 2016-02-16 | 2016-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7796, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. |
| 33841 | CVE-2015-7796 | 79 | | XSS | 2016-02-16 | 2016-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7795, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. |
| 33842 | CVE-2015-7795 | 79 | | XSS | 2016-02-16 | 2016-02-22 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-7796, CVE-2015-7797, CVE-2015-7798, CVE-2016-1149, and CVE-2016-1150. |
| 33843 | CVE-2015-7794 | 20 | | DoS | 2015-12-30 | 2015-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. |
| 33844 | CVE-2015-7793 | 17 | | | 2015-12-30 | 2015-12-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial |
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. |
| 33845 | CVE-2015-7791 | 89 | | Exec Code Sql | 2015-12-29 | 2017-07-17 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[column] or (2) switch parameter. |
| 33846 | CVE-2015-7790 | 79 | | XSS | 2015-12-30 | 2015-12-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 33847 | CVE-2015-7789 | 20 | | DoS | 2015-12-30 | 2015-12-30 | 3.3 | None | Local Network | Low | Not required | None | None | Partial |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. |
| 33848 | CVE-2015-7788 | 264 | | Exec Code | 2015-12-30 | 2015-12-30 | 5.8 | None | Local Network | Low | Not required | Partial | Partial | Partial |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. |
| 33849 | CVE-2015-7787 | 200 | | +Info | 2015-12-30 | 2015-12-30 | 3.3 | None | Local Network | Low | Not required | Partial | None | None |
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. |
| 33850 | CVE-2015-7786 | 79 | | XSS | 2015-12-29 | 2015-12-30 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |