| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-8600 |
264 |
|
+Priv Bypass +Info |
2015-12-17 |
2018-12-10 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The SysAdminWebTool servlets in SAP Mobile Platform allow remote attackers to bypass authentication and obtain sensitive information, gain privileges, or have unspecified other impact via unknown vectors, aka SAP Security Note 2227855. |
|
2 |
CVE-2015-8543 |
|
|
DoS +Priv |
2015-12-28 |
2018-01-05 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application. |
|
3 |
CVE-2015-8368 |
254 |
|
+Priv |
2015-12-17 |
2015-12-18 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua. |
|
4 |
CVE-2015-8328 |
119 |
|
DoS Overflow +Priv +Info |
2015-11-24 |
2019-02-14 |
6.6 |
None |
Local |
Medium |
Not required |
Complete |
Partial |
Complete |
|
Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types and affected versions. |
|
5 |
CVE-2015-8222 |
264 |
|
+Priv |
2015-11-17 |
2015-11-18 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via unspecified vectors. |
|
6 |
CVE-2015-8113 |
|
|
+Priv |
2015-11-12 |
2015-11-19 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in the client in Symantec Endpoint Protection (SEP) 12.1 before 12.1-RU6-MP3 allows local users to gain privileges via a Trojan horse DLL in a client install package. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1492. |
|
7 |
CVE-2015-8090 |
200 |
|
+Priv +Info |
2015-11-18 |
2015-11-19 |
4.0 |
None |
Remote |
Low |
??? |
Partial |
None |
None |
|
The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. |
|
8 |
CVE-2015-7985 |
276 |
|
+Priv |
2015-11-24 |
2022-02-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. |
|
9 |
CVE-2015-7917 |
|
|
+Priv |
2015-12-23 |
2016-11-28 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. |
|
10 |
CVE-2015-7897 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-11-16 |
2015-11-17 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. |
|
11 |
CVE-2015-7869 |
189 |
|
DoS Overflow +Priv +Info |
2015-11-24 |
2019-02-13 |
6.6 |
None |
Local |
Medium |
Not required |
Complete |
Partial |
Complete |
|
Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before 340.96, R352 before 352.63, and R358 before 358.16 on Linux allow local users to obtain sensitive information, cause a denial of service (crash), or possibly gain privileges via unknown vectors, which trigger uninitialized or out of bounds memory access. NOTE: this identifier has been SPLIT per ADT2 and ADT3 due to different vulnerability type and affected versions. See CVE-2015-8328 for the vulnerability in the NVAPI support layer in NVIDIA drivers for Windows. |
|
12 |
CVE-2015-7866 |
|
|
+Priv |
2015-11-24 |
2019-02-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to gain privileges via a Trojan horse application, as demonstrated by C:\Program.exe. |
|
13 |
CVE-2015-7865 |
284 |
|
+Priv |
2015-11-24 |
2019-02-13 |
7.7 |
None |
Local Network |
Low |
??? |
Complete |
Complete |
Complete |
|
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784. |
|
14 |
CVE-2015-7835 |
264 |
|
+Priv |
2015-10-30 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x does not properly validate level 2 page table entries, which allows local PV guest administrators to gain privileges via a crafted superpage mapping. |
|
15 |
CVE-2015-7751 |
264 |
|
+Priv |
2015-10-19 |
2015-10-20 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file. |
|
16 |
CVE-2015-7717 |
264 |
|
+Priv |
2015-10-06 |
2015-10-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596. |
|
17 |
CVE-2015-7613 |
362 |
|
+Priv |
2015-10-19 |
2016-12-08 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. |
|
18 |
CVE-2015-7600 |
264 |
|
+Priv |
2015-10-06 |
2017-01-05 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for vpnclient.ini, which allows local users to gain privileges by entering an arbitrary program name in the Command field of the ApplicationLauncher section. |
|
19 |
CVE-2015-7394 |
264 |
|
DoS Exec Code +Priv |
2015-11-06 |
2019-06-06 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway, WebAccelerator, and WOM 11.1.0 through 11.3.0, BIG-IP GTM 11.1.0 through 11.6.0, BIG-IP PSM 11.1.0 through 11.4.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, BIG-IQ ADC 4.5.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to cause a denial of service or gain privileges by leveraging permission to upload and execute code. |
|
20 |
CVE-2015-7312 |
362 |
|
DoS +Priv |
2015-11-16 |
2020-08-07 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-after-free and BUG) or possibly gain privileges via a (1) madvise or (2) msync system call, related to mm/madvise.c and mm/msync.c. |
|
21 |
CVE-2015-7223 |
264 |
|
+Priv XSS +Info |
2015-12-16 |
2018-10-30 |
4.0 |
None |
Remote |
High |
Not required |
Partial |
Partial |
None |
|
The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted web site. |
|
22 |
CVE-2015-7110 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. |
|
23 |
CVE-2015-7108 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
|
24 |
CVE-2015-7106 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
|
25 |
CVE-2015-7084 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2019-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7083. |
|
26 |
CVE-2015-7083 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2019-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-7084. |
|
27 |
CVE-2015-7078 |
|
|
+Priv |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. |
|
28 |
CVE-2015-7077 |
119 |
|
DoS Overflow +Priv |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors. |
|
29 |
CVE-2015-7076 |
|
|
DoS +Priv |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. |
|
30 |
CVE-2015-7063 |
264 |
|
+Priv |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. |
|
31 |
CVE-2015-7057 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2016-12-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. |
|
32 |
CVE-2015-7052 |
264 |
|
+Priv |
2015-12-11 |
2017-09-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. |
|
33 |
CVE-2015-7049 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-12-11 |
2016-12-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. |
|
34 |
CVE-2015-7047 |
20 |
|
+Priv |
2015-12-11 |
2019-03-08 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. |
|
35 |
CVE-2015-7021 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-10-23 |
2015-10-27 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. |
|
36 |
CVE-2015-7016 |
264 |
|
+Priv Bypass |
2015-10-23 |
2015-10-27 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app. |
|
37 |
CVE-2015-6923 |
|
|
+Priv |
2015-09-21 |
2018-10-09 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. |
|
38 |
CVE-2015-6850 |
264 |
|
+Priv |
2015-12-28 |
2016-12-07 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. |
|
39 |
CVE-2015-6630 |
200 |
|
+Priv +Info |
2015-12-08 |
2019-02-12 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. |
|
40 |
CVE-2015-6625 |
200 |
|
+Priv +Info |
2015-12-08 |
2015-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
System Server in Android 6.0 before 2015-12-01 allows attackers to obtain sensitive information and consequently gain privileges via a crafted application, aka internal bug 23936840. |
|
41 |
CVE-2015-6623 |
264 |
|
+Priv |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24872703. |
|
42 |
CVE-2015-6621 |
264 |
|
+Priv |
2015-12-08 |
2015-12-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438. |
|
43 |
CVE-2015-6620 |
264 |
|
+Priv |
2015-12-08 |
2019-02-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bugs 24123723 and 24445127. |
|
44 |
CVE-2015-6619 |
264 |
|
+Priv |
2015-12-08 |
2019-02-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, aka internal bug 23520714. |
|
45 |
CVE-2015-6614 |
264 |
|
DoS +Priv Bypass |
2015-11-03 |
2016-12-07 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial of service (call-reception outage or mute manipulation), via a crafted application, aka internal bug 21900139. |
|
46 |
CVE-2015-6613 |
77 |
|
+Priv |
2015-11-03 |
2019-02-12 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736. |
|
47 |
CVE-2015-6612 |
264 |
|
+Priv |
2015-11-03 |
2019-02-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges via a crafted application, aka internal bug 23540426. |
|
48 |
CVE-2015-6610 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-11-03 |
2019-02-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
libstagefright in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka internal bug 23707088. |
|
49 |
CVE-2015-6607 |
264 |
|
+Priv |
2015-10-06 |
2017-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. |
|
50 |
CVE-2015-6606 |
264 |
|
+Priv |
2015-10-06 |
2015-10-07 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22301786. |
