| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
42551 |
CVE-2015-7970 |
399 |
|
DoS |
2015-10-30 |
2017-06-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU consumption and possibly reboot) via crafted memory contents that triggers a "time-consuming linear scan," related to Populate-on-Demand. |
|
42552 |
CVE-2015-7969 |
399 |
|
DoS |
2015-10-30 |
2018-10-30 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" of domains with the vcpu pointer array allocated using the (1) XEN_DOMCTL_max_vcpus hypercall or the xenoprofile state vcpu pointer array allocated using the (2) XENOPROF_get_buffer or (3) XENOPROF_set_passive hypercall. |
|
42553 |
CVE-2015-7967 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
42554 |
CVE-2015-7966 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. |
|
42555 |
CVE-2015-7965 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. |
|
42556 |
CVE-2015-7964 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
42557 |
CVE-2015-7963 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
42558 |
CVE-2015-7962 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
42559 |
CVE-2015-7961 |
264 |
|
+Priv |
2018-03-02 |
2018-03-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. |
|
42560 |
CVE-2015-7945 |
200 |
|
+Info |
2017-08-18 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results. |
|
42561 |
CVE-2015-7944 |
399 |
|
DoS |
2017-08-18 |
2017-11-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation. |
|
42562 |
CVE-2015-7943 |
601 |
|
|
2017-10-18 |
2017-11-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. |
|
42563 |
CVE-2015-7942 |
119 |
|
DoS Overflow |
2015-11-18 |
2017-09-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted XML data, a different vulnerability than CVE-2015-7941. |
|
42564 |
CVE-2015-7941 |
119 |
|
DoS Overflow |
2015-11-18 |
2017-09-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1) xmlParseEntityDecl or (2) xmlParseConditionalSections function in parser.c, as demonstrated by non-terminated entities. |
|
42565 |
CVE-2015-7940 |
310 |
|
|
2015-11-09 |
2019-01-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack." |
|
42566 |
CVE-2015-7939 |
119 |
|
Exec Code Overflow |
2016-01-08 |
2016-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. |
|
42567 |
CVE-2015-7938 |
287 |
|
Bypass |
2016-01-08 |
2016-01-18 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. |
|
42568 |
CVE-2015-7937 |
119 |
|
Exec Code Overflow |
2015-12-21 |
2016-11-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Basic Authentication data. |
|
42569 |
CVE-2015-7936 |
352 |
|
CSRF |
2015-12-22 |
2016-11-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password. |
|
42570 |
CVE-2015-7935 |
200 |
|
+Info |
2015-12-22 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Motorola Solutions MOSCAD IP Gateway allows remote attackers to read arbitrary files via unspecified vectors. |
|
42571 |
CVE-2015-7934 |
200 |
|
+Info |
2015-12-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. |
|
42572 |
CVE-2015-7932 |
200 |
|
+Info |
2015-12-23 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. |
|
42573 |
CVE-2015-7931 |
20 |
|
+Info |
2015-12-23 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information by reading cleartext packet data, related to the lack of SSL support. |
|
42574 |
CVE-2015-7930 |
|
|
|
2015-12-23 |
2016-11-28 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. |
|
42575 |
CVE-2015-7929 |
200 |
|
+Info |
2015-12-23 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. |
|
42576 |
CVE-2015-7928 |
200 |
|
+Info |
2015-12-23 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
|
42577 |
CVE-2015-7927 |
79 |
|
XSS |
2015-12-23 |
2016-12-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
42578 |
CVE-2015-7926 |
200 |
|
+Info |
2015-12-23 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. |
|
42579 |
CVE-2015-7925 |
352 |
|
CSRF |
2015-12-23 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot. |
|
42580 |
CVE-2015-7924 |
|
|
|
2015-12-23 |
2016-12-07 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
|
42581 |
CVE-2015-7923 |
310 |
|
|
2016-01-30 |
2016-03-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. |
|
42582 |
CVE-2015-7921 |
255 |
|
Bypass |
2016-04-06 |
2016-04-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of these credentials. |
|
42583 |
CVE-2015-7919 |
264 |
|
DoS |
2015-12-21 |
2015-12-21 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. |
|
42584 |
CVE-2015-7918 |
119 |
|
Exec Code Overflow |
2015-12-15 |
2015-12-16 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedName, (3) DefinedNameLocal, (4) ODBCPrepareEx, (5) ObjCreatePolygon, (6) SetTabbedTextEx, or (7) SetValidationRule method, a different vulnerability than CVE-2015-8561. |
|
42585 |
CVE-2015-7917 |
|
|
+Priv |
2015-12-22 |
2016-11-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
42586 |
CVE-2015-7915 |
255 |
|
+Info |
2016-02-06 |
2016-12-02 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. |
|
42587 |
CVE-2015-7914 |
287 |
|
Bypass |
2016-02-06 |
2016-12-02 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. |
|
42588 |
CVE-2015-7913 |
|
|
Exec Code |
2015-11-21 |
2015-11-23 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows local users to execute arbitrary Java code with SYSTEM privileges by using the Apache Axis AdminService deployment method to publish a class. |
|
42589 |
CVE-2015-7912 |
|
|
Exec Code |
2015-11-21 |
2015-11-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Ice Faces servlet in ag_server_service.exe in the AggreGate Server Service in Tibbo AggreGate before 5.30.06 allows remote attackers to upload and execute arbitrary Java code via a crafted XML document. |
|
42590 |
CVE-2015-7911 |
255 |
|
|
2015-12-22 |
2015-12-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.24.41 have hardcoded credentials, which allows remote attackers to obtain administrative access via an FTP session. |
|
42591 |
CVE-2015-7910 |
284 |
|
Bypass |
2015-11-19 |
2015-11-19 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this header and processing the response body. |
|
42592 |
CVE-2015-7909 |
119 |
|
DoS Overflow |
2016-01-22 |
2016-02-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000. |
|
42593 |
CVE-2015-7908 |
200 |
|
+Info |
2015-12-21 |
2015-12-21 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. |
|
42594 |
CVE-2015-7907 |
22 |
|
Dir. Trav. Bypass |
2015-12-21 |
2015-12-22 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and write to a configuration file or trigger a calibration or test, via unspecified vectors. |
|
42595 |
CVE-2015-7906 |
255 |
|
|
2015-12-21 |
2015-12-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors. |
|
42596 |
CVE-2015-7905 |
94 |
|
Exec Code |
2015-11-12 |
2017-01-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. |
|
42597 |
CVE-2015-7904 |
|
|
Exec Code |
2015-10-28 |
2015-10-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors involving an upload of an image file. |
|
42598 |
CVE-2015-7903 |
89 |
|
Exec Code Sql |
2015-10-28 |
2015-10-28 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. |
|
42599 |
CVE-2015-7902 |
200 |
|
+Info |
2015-10-28 |
2015-10-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests. |
|
42600 |
CVE-2015-7901 |
78 |
|
Exec Code |
2015-10-28 |
2017-09-15 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. |
