| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
43851 |
CVE-2015-5988 |
255 |
|
|
2015-12-31 |
2015-12-31 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. |
|
43852 |
CVE-2015-5987 |
|
|
|
2015-12-31 |
2015-12-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. |
|
43853 |
CVE-2015-5986 |
20 |
|
DoS |
2015-09-04 |
2016-12-30 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted DNS response. |
|
43854 |
CVE-2015-5970 |
94 |
|
|
2016-02-18 |
2016-03-10 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malformed query involving a system entity reference. |
|
43855 |
CVE-2015-5968 |
79 |
|
XSS |
2016-03-18 |
2016-03-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot Patch 4 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. |
|
43856 |
CVE-2015-5965 |
20 |
|
|
2015-08-11 |
2016-12-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. |
|
43857 |
CVE-2015-5964 |
399 |
|
DoS |
2015-08-24 |
2016-12-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. |
|
43858 |
CVE-2015-5963 |
399 |
|
DoS |
2015-08-24 |
2017-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. |
|
43859 |
CVE-2015-5962 |
189 |
|
DoS Mem. Corr. |
2015-08-07 |
2015-08-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. |
|
43860 |
CVE-2015-5959 |
200 |
|
+Info |
2017-09-06 |
2017-09-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. |
|
43861 |
CVE-2015-5958 |
78 |
|
Exec Code |
2017-08-31 |
2017-09-06 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
phpFileManager 0.9.8 allows remote attackers to execute arbitrary commands via a crafted URL. |
|
43862 |
CVE-2015-5957 |
119 |
|
Overflow |
2015-09-28 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. |
|
43863 |
CVE-2015-5955 |
200 |
|
+Info |
2015-10-29 |
2015-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers. |
|
43864 |
CVE-2015-5954 |
|
|
Bypass |
2015-10-21 |
2015-10-22 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder. |
|
43865 |
CVE-2015-5950 |
119 |
|
Overflow +Priv |
2015-09-29 |
2016-12-07 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on Windows; R304 before 304.128, R340 before 340.93, and R352 before 352.41 on Linux; and R352 before 352.46 on GRID vGPU and vSGA allows local users to write to an arbitrary kernel memory location and consequently gain privileges via a crafted ioctl call. |
|
43866 |
CVE-2015-5949 |
119 |
|
DoS Exec Code Overflow |
2015-08-25 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. |
|
43867 |
CVE-2015-5948 |
362 |
|
Exec Code |
2017-09-06 |
2017-09-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. |
|
43868 |
CVE-2015-5947 |
362 |
|
Exec Code |
2017-09-06 |
2017-09-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. |
|
43869 |
CVE-2015-5946 |
184 |
|
Exec Code |
2017-08-07 |
2017-08-14 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. |
|
43870 |
CVE-2015-5945 |
20 |
|
+Priv |
2015-10-23 |
2015-10-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. |
|
43871 |
CVE-2015-5944 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2015-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. |
|
43872 |
CVE-2015-5943 |
254 |
|
Bypass |
2015-10-23 |
2015-10-26 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. |
|
43873 |
CVE-2015-5942 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927. |
|
43874 |
CVE-2015-5940 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
|
43875 |
CVE-2015-5939 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937. |
|
43876 |
CVE-2015-5938 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2015-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. |
|
43877 |
CVE-2015-5937 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939. |
|
43878 |
CVE-2015-5936 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939. |
|
43879 |
CVE-2015-5935 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939. |
|
43880 |
CVE-2015-5934 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2015-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933. |
|
43881 |
CVE-2015-5933 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2015-10-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934. |
|
43882 |
CVE-2015-5932 |
|
|
+Priv |
2015-10-23 |
2015-10-26 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing. |
|
43883 |
CVE-2015-5931 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. |
|
43884 |
CVE-2015-5930 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. |
|
43885 |
CVE-2015-5929 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. |
|
43886 |
CVE-2015-5928 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. |
|
43887 |
CVE-2015-5927 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942. |
|
43888 |
CVE-2015-5926 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925. |
|
43889 |
CVE-2015-5925 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. |
|
43890 |
CVE-2015-5924 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-23 |
2016-12-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. |
|
43891 |
CVE-2015-5922 |
|
|
|
2015-10-09 |
2019-04-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. |
|
43892 |
CVE-2015-5921 |
200 |
|
+Info |
2015-09-18 |
2016-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
WebKit in Apple iOS before 9 mishandles "Content-Disposition: attachment" HTTP headers, which might allow man-in-the-middle attackers to obtain sensitive information via unspecified vectors. |
|
43893 |
CVE-2015-5920 |
|
|
|
2015-09-18 |
2016-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors. |
|
43894 |
CVE-2015-5919 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-10-09 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918. |
|
43895 |
CVE-2015-5918 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-10-09 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919. |
|
43896 |
CVE-2015-5917 |
119 |
|
DoS Overflow |
2015-10-09 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring. |
|
43897 |
CVE-2015-5916 |
200 |
|
+Info |
2015-09-18 |
2016-12-21 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature. |
|
43898 |
CVE-2015-5915 |
17 |
|
|
2015-10-09 |
2016-12-07 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. |
|
43899 |
CVE-2015-5914 |
17 |
|
|
2015-10-09 |
2016-12-07 |
4.7 |
None |
Local |
Medium |
Not required |
None |
Complete |
None |
|
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. |
|
43900 |
CVE-2015-5913 |
284 |
|
|
2015-10-09 |
2016-12-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. |
