| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 42151 | CVE-2015-8596 | 119 | | Overflow | 2017-08-18 | 2017-08-24 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. |
| 42152 | CVE-2015-8595 | 119 | | Overflow | 2017-08-18 | 2017-08-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. |
| 42153 | CVE-2015-8594 | 119 | | Overflow | 2017-08-18 | 2018-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. |
| 42154 | CVE-2015-8593 | 119 | | Overflow | 2017-08-18 | 2018-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. |
| 42155 | CVE-2015-8592 | 476 | | Mem. Corr. | 2017-08-18 | 2017-08-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. |
| 42156 | CVE-2015-8581 | 20 | | Exec Code | 2015-12-16 | 2015-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The EjbObjectInputStream class in Apache TomEE allows remote attackers to execute arbitrary commands via a serialized Java stream. |
| 42157 | CVE-2015-8580 | | | Exec Code | 2015-12-16 | 2016-11-08 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary code via a crafted PDF document. |
| 42158 | CVE-2015-8579 | 264 | | Bypass | 2015-12-16 | 2016-11-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. |
| 42159 | CVE-2015-8578 | 264 | | Bypass | 2015-12-16 | 2016-11-28 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR protection mechanisms via unspecified vectors. |
| 42160 | CVE-2015-8572 | 119 | | Exec Code Overflow | 2015-12-15 | 2015-12-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lines in a PCX file, or (4) DataSubBlock or (5) GlobalColorTable in a GIF file. |
| 42161 | CVE-2015-8571 | 189 | | Exec Code Overflow | 2015-12-15 | 2016-11-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. |
| 42162 | CVE-2015-8570 | 264 | | | 2015-12-15 | 2016-11-28 | 7.4 | None | Local Network | Medium | Single system | Complete | Complete | Complete | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. |
| 42163 | CVE-2015-8568 | 119 | | DoS Overflow | 2017-04-11 | 2017-11-03 | 4.7 | None | Local | Medium | Not required | None | None | Complete | Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxnet3 device repeatedly. |
| 42164 | CVE-2015-8567 | 399 | | DoS | 2017-04-13 | 2018-10-30 | 6.8 | None | Remote | Low | Single system | None | None | Complete | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). |
| 42165 | CVE-2015-8566 | | | Exec Code | 2015-12-16 | 2015-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Session package 1.x before 1.3.1 for Joomla! Framework allows remote attackers to execute arbitrary code via unspecified session values. |
| 42166 | CVE-2015-8565 | 22 | | Dir. Trav. | 2015-12-16 | 2015-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via unknown vectors. |
| 42167 | CVE-2015-8564 | 22 | | Dir. Trav. | 2015-12-16 | 2015-12-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows remote attackers to have unspecified impact via directory traversal sequences in the XML install file in an extension package archive. |
| 42168 | CVE-2015-8563 | 352 | | CSRF | 2015-12-16 | 2015-12-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. |
| 42169 | CVE-2015-8562 | 20 | | Exec Code | 2015-12-16 | 2018-10-09 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the HTTP User-Agent header, as exploited in the wild in December 2015. |
| 42170 | CVE-2015-8561 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-12-15 | 2015-12-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted integer value to the (1) AttachToSS, (2) CopyAll, (3) CopyRange, (4) CopyRangeEx, or (5) SwapTable method, a different vulnerability than CVE-2015-7918. |
| 42171 | CVE-2015-8560 | | | Exec Code | 2016-04-14 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a ; (semicolon) character in a print job, a different vulnerability than CVE-2015-8327. |
| 42172 | CVE-2015-8559 | 200 | | +Info | 2017-09-21 | 2017-10-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The knife bootstrap command in chef leaks the validator.pem private RSA key to /var/log/messages. |
| 42173 | CVE-2015-8558 | 20 | | DoS | 2016-05-23 | 2017-11-03 | 4.9 | None | Local | Low | Not required | None | None | Complete | The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer descriptor (iTD) list. |
| 42174 | CVE-2015-8557 | 78 | | Exec Code | 2016-01-08 | 2017-06-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. |
| 42175 | CVE-2015-8556 | 362 | | | 2017-03-24 | 2017-03-27 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. |
| 42176 | CVE-2015-8555 | 200 | | +Info | 2016-04-13 | 2017-06-30 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains to obtain sensitive information from other domains via unspecified vectors. |
| 42177 | CVE-2015-8554 | 119 | | Overflow +Priv | 2016-04-14 | 2017-06-30 | 6.6 | None | Local | Medium | Single system | Complete | Complete | Complete | Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a system with access to a passed-through MSI-X capable physical PCI device and MSI-X table entries, related to a "write path." |
| 42178 | CVE-2015-8551 | | | DoS | 2016-04-13 | 2017-11-03 | 4.7 | None | Local | Medium | Not required | None | None | Complete | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a crafted sequence of XEN_PCI_OP_* operations, aka "Linux pciback missing sanity checks." |
| 42179 | CVE-2015-8550 | 284 | | DoS +Priv | 2016-04-14 | 2017-11-03 | 5.7 | None | Local | Low | Single system | Partial | Partial | Complete | Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability. |
| 42180 | CVE-2015-8548 | | | DoS | 2015-12-14 | 2016-12-07 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknown vectors, a different issue than CVE-2015-8478. |
| 42181 | CVE-2015-8547 | 17 | | DoS | 2016-01-08 | 2018-10-30 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The CoreUserInputHandler::doMode function in core/coreuserinputhandler.cpp in Quassel 0.10.0 allows remote attackers to cause a denial of service (application crash) via the "/op *" command in a query. |
| 42182 | CVE-2015-8544 | 200 | | +Info | 2017-02-07 | 2017-11-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. |
| 42183 | CVE-2015-8543 | | | DoS +Priv | 2015-12-28 | 2018-01-04 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. |
| 42184 | CVE-2015-8542 | 320 | | | 2016-12-15 | 2018-10-19 | 4.0 | None | Remote | Low | Single system | Partial | None | None | An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The "getprivkeybyid" API call is used to download a PGP Private Key for a specific user after providing authentication credentials. Clients provide the "id" and "cid" parameter to specify the current user by its user- and context-ID. The "auth" parameter contains a hashed password string which gets created by the client by asking the user to enter his or her OX Guard password. This parameter is used as single point of authentication when accessing PGP Private Keys. In case a user has set the same password as another user, it is possible to download another user's PGP Private Key by iterating the "id" and "cid" parameters. This kind of attack would also be possible by brute-forcing login credentials, but since the "id" and "cid" parameters are sequential they are much easier to predict than a user's login name. At the same time, there are some obvious insecure standard passwords that are widely used. An attacker could send the hashed representation of typically weak passwords and randomly fetch the Private Key of matching accounts. The attack can be executed by both internal users and "guests" which use the external mail reader. |
| 42185 | CVE-2015-8540 | 189 | | | 2016-04-14 | 2017-11-03 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26 allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image, which triggers an out-of-bounds read. |
| 42186 | CVE-2015-8539 | 264 | | DoS +Priv | 2016-02-07 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c. |
| 42187 | CVE-2015-8538 | 20 | | DoS | 2017-06-07 | 2017-06-14 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). |
| 42188 | CVE-2015-8537 | 200 | | +Info | 2016-04-12 | 2016-04-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. |
| 42189 | CVE-2015-8531 | 79 | | XSS | 2016-02-14 | 2016-02-24 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in IBM Security Access Manager for Web 8.0 before 8.0.1.3 IF4 and 9.0 before 9.0.0.1 IF1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| 42190 | CVE-2015-8530 | 119 | | Exec Code Overflow | 2016-05-14 | 2016-11-30 | 6.0 | None | Remote | Medium | Single system | Partial | Partial | Partial | Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 23.0.0.3-IF0001, and 24 before 24.0.0.0-IF0003 allows remote authenticated users to execute arbitrary code via a long argument. |
| 42191 | CVE-2015-8524 | 79 | | XSS | 2016-02-29 | 2016-12-02 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
| 42192 | CVE-2015-8523 | 284 | | DoS | 2016-04-05 | 2016-11-28 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. |
| 42193 | CVE-2015-8522 | 119 | | Exec Code Overflow | 2016-04-05 | 2016-11-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8521. |
| 42194 | CVE-2015-8521 | 119 | | Exec Code Overflow | 2016-04-05 | 2016-11-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8520, and CVE-2015-8522. |
| 42195 | CVE-2015-8520 | 119 | | Exec Code Overflow | 2016-04-05 | 2016-11-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8519, CVE-2015-8521, and CVE-2015-8522. |
| 42196 | CVE-2015-8519 | 119 | | Exec Code Overflow | 2016-04-05 | 2016-11-28 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability than CVE-2015-8520, CVE-2015-8521, and CVE-2015-8522. |
| 42197 | CVE-2015-8511 | 362 | | Bypass | 2016-01-08 | 2016-01-14 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. |
| 42198 | CVE-2015-8510 | 79 | | XSS | 2016-01-08 | 2016-01-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the internationalization feature in the default homescreen app in Mozilla Firefox OS before 2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted web site that is mishandled during "Add to home screen" bookmarking. |
| 42199 | CVE-2015-8509 | 200 | | +Info | 2016-01-03 | 2016-12-07 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2 does not properly construct CSV files, which allows remote attackers to obtain sensitive information by leveraging a web browser that interprets CSV data as JavaScript code. |
| 42200 | CVE-2015-8507 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-12-08 | 2015-12-09 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506. |