Total
5231 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4104 | 1 Xen | 1 Xen | 2024-11-21 | 7.8 HIGH | N/A |
| Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI mask bits, which allows local x86 HVM guest users to cause a denial of service (unexpected interrupt and host crash) via unspecified vectors. | |||||
| CVE-2015-4103 | 1 Xen | 1 Xen | 2024-11-21 | 4.9 MEDIUM | N/A |
| Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handling confusion) via vectors related to qemu and accessing spanning multiple fields. | |||||
| CVE-2015-4082 | 1 Attic Project | 1 Attic | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file". | |||||
| CVE-2015-4045 | 1 Alienvault | 1 Open Source Security Information Management | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | |||||
| CVE-2015-4038 | 1 Wpmembership | 1 Wpmembership | 2024-11-21 | 6.5 MEDIUM | N/A |
| The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. | |||||
| CVE-2015-4032 | 1 Visual Mining | 1 Netcharts Server | 2024-11-21 | 10.0 HIGH | N/A |
| projectContents.jsp in the Developer tools in Visual Mining NetCharts Server allows remote attackers to rename arbitrary files, and consequently execute them, via unspecified vectors. | |||||
| CVE-2015-4027 | 1 Acunetix | 1 Web Vulnerability Scanner | 2024-11-21 | 7.2 HIGH | N/A |
| The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a params JSON object to api/addScan. | |||||
| CVE-2015-3965 | 1 Pfizer | 2 Symbiq Infusion System, Symbiq Infusion System Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Hospira Symbiq Infusion System 3.13 and earlier allows remote authenticated users to trigger "unanticipated operations" by leveraging "elevated privileges" for an unspecified call to an incorrectly exposed function. | |||||
| CVE-2015-3879 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | N/A |
| Media Player Framework in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, aka internal bug 23223325. | |||||
| CVE-2015-3878 | 1 Google | 1 Android | 2024-11-21 | 4.3 MEDIUM | N/A |
| Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information via a crafted application that references a long application name, aka internal bug 23345192. | |||||
| CVE-2015-3865 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | N/A |
| The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | |||||
| CVE-2015-3858 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | N/A |
| The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. | |||||
| CVE-2015-3849 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | N/A |
| The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. | |||||
| CVE-2015-3847 | 1 Google | 1 Android | 2024-11-21 | 6.4 MEDIUM | N/A |
| Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | |||||
| CVE-2015-3845 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | N/A |
| The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka internal bug 17312693. | |||||
| CVE-2015-3844 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | N/A |
| The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445. | |||||
| CVE-2015-3843 | 1 Google | 1 Android | 2024-11-21 | 9.3 HIGH | N/A |
| The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171. | |||||
| CVE-2015-3801 | 1 Apple | 2 Iphone Os, Safari | 2024-11-21 | 5.0 MEDIUM | N/A |
| The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | |||||
| CVE-2015-3793 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | N/A |
| CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||||
| CVE-2015-3772 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.2 HIGH | N/A |
| IOFireWireFamily in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3769 and CVE-2015-3771. | |||||