Weekly Vulnerabilities Reports > October 19 to 25, 2015
Overview
226 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 66 products from 21 vendors, including Oracle, Apple, Redhat, Canonical, and Debian. Notable vulnerability categories include "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Code", and "Resource Management Errors".
- 188 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 10 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 168 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 124 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 16 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
27 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-25 | CVE-2015-1001 | Ininet Solutions | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ininet Solutions Scada web Server Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request. | 10.0 |
2015-10-23 | CVE-2015-6988 | Apple | Multiple Security vulnerability in Apple Iphone OS and mac OS X The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not initialize an unspecified data structure, which allows remote attackers to execute arbitrary code via vectors involving an unknown network-connectivity requirement. | 10.0 |
2015-10-22 | CVE-2015-4915 | Oracle | Remote Security vulnerability in Oracle and SUN Systems Product Suite 3.0/3.1/3.2 Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management. | 10.0 |
2015-10-21 | CVE-2015-4883 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860. | 10.0 |
2015-10-21 | CVE-2015-4881 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835. | 10.0 |
2015-10-21 | CVE-2015-4863 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2015-10-21 | CVE-2015-4860 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883. | 10.0 |
2015-10-21 | CVE-2015-4844 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
2015-10-21 | CVE-2015-4843 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 10.0 |
2015-10-21 | CVE-2015-4839 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798. | 10.0 |
2015-10-21 | CVE-2015-4835 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881. | 10.0 |
2015-10-21 | CVE-2015-4805 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization. | 10.0 |
2015-10-21 | CVE-2015-4798 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839. | 10.0 |
2015-10-21 | CVE-2015-2608 | Oracle | Remote Security vulnerability in Multiple Oracle Communications Products Unspecified vulnerability in (1) the Oracle Communications Diameter Signaling Router (DSR) component in Oracle Communications Applications 4.1.6 and earlier, 5.1.0 and earlier, 6.0.2 and earlier, and 7.1.0 and earlier; (2) the Oracle Communications Performance Intelligence Center Software component in Oracle Communications Applications 9.0.3 and earlier and 10.1.5 and earlier; (3) the Oracle Communications Policy Management component in Oracle Communications Applications 9.9.0 and earlier, 10.5.0 and earlier, 11.5.0 and earlier, and 12.1.0 and earlier; and (4) the Oracle Communications Tekelec HLR Router component in Oracle Communications Applications 4.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to PMAC. | 10.0 |
2015-10-21 | CVE-2015-4716 | Owncloud Microsoft | Path Traversal vulnerability in multiple products Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors. | 10.0 |
2015-10-19 | CVE-2015-7861 | Accelerite | Permissions, Privileges, and Access Controls vulnerability in Accelerite Radia Client Automation Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending unspecified commands in an environment that lacks relationship-based firewalling. | 10.0 |
2015-10-19 | CVE-2015-7860 | Accelerite | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Accelerite Radia Client Automation Stack-based buffer overflow in the agent in Persistent Accelerite Radia Client Automation (formerly HP Client Automation), possibly before 9.1, allows remote attackers to execute arbitrary code by sending a large amount of data in an environment that lacks relationship-based firewalling. | 10.0 |
2015-10-23 | CVE-2015-6974 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2015-10-23 | CVE-2015-6986 | Apple | Multiple Security vulnerability in Apple iOS APPLE-SA-2015-10-21-1 com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple iOS before 9.1 allows attackers to execute arbitrary code via a crafted app that leverages an unspecified "type confusion." CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') (http://cwe.mitre.org/data/definitions/843.html) | 9.3 |
2015-10-23 | CVE-2015-6979 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and Watchos GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 9.3 |
2015-10-22 | CVE-2015-4901 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | 9.3 |
2015-10-21 | CVE-2015-4821 | Oracle | Remote Security vulnerability in Oracle and SUN Systems Product Suite 3.0/3.1/3.2 Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web. | 9.3 |
2015-10-25 | CVE-2015-6335 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Firesight System Software 5.3.1.7/5.4.0.4/6.0.0 The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Linux commands as root via unspecified vectors, aka Bug ID CSCuw12839. | 9.0 |
2015-10-21 | CVE-2015-4796 | Oracle Microsoft | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888. | 9.0 |
2015-10-21 | CVE-2015-4794 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2015-10-21 | CVE-2015-7698 | Owncloud | OS Command Injection vulnerability in Owncloud and SMB icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) connect or (3) read function in Share.php. | 9.0 |
2015-10-21 | CVE-2015-4718 | Owncloud | OS Command Injection vulnerability in Owncloud The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file. | 9.0 |
23 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-23 | CVE-2015-6984 | Apple | Improper Access Control vulnerability in Apple mac OS X libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. | 8.8 |
2015-10-23 | CVE-2015-6983 | Apple | Multiple Security vulnerability in Apple Iphone OS and mac OS X Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. | 8.8 |
2015-10-21 | CVE-2015-4717 | Owncloud | Resource Management Errors vulnerability in Owncloud The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names. | 7.8 |
2015-10-19 | CVE-2015-7752 | Juniper | Resource Management Errors vulnerability in Juniper Junos The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X53 before 14.1X53-D25, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D20 allows remote attackers to cause a denial of service (CPU consumption) via unspecified SSH traffic. | 7.8 |
2015-10-19 | CVE-2015-7749 | Juniper | Improper Input Validation vulnerability in Juniper Junos The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS." | 7.8 |
2015-10-23 | CVE-2015-7016 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement restrictions and gain privileges via a crafted developer-signed app. | 7.6 |
2015-10-21 | CVE-2015-4868 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 7.6 |
2015-10-23 | CVE-2015-7007 | Apple | Unspecified vulnerability in Apple mac OS X Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors. | 7.5 |
2015-10-23 | CVE-2015-7035 | Apple | Code vulnerability in Apple mac OS X Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | 7.5 |
2015-10-23 | CVE-2015-7030 | Apple | Code vulnerability in Apple Xcode The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | 7.5 |
2015-10-23 | CVE-2015-7017 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-6992. | 7.5 |
2015-10-23 | CVE-2015-6992 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6975 and CVE-2015-7017. | 7.5 |
2015-10-23 | CVE-2015-6975 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6992 and CVE-2015-7017. | 7.5 |
2015-10-21 | CVE-2015-4795 | Oracle | Remote Security vulnerability in Oracle Industry Applications 1.9.1.1.2 Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Add-On Applications. | 7.5 |
2015-10-21 | CVE-2015-7299 | Nintex | SQL Injection vulnerability in Nintex K2 Blackpearl, K2 for Sharepoint and K2 Smartforms SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | 7.5 |
2015-10-21 | CVE-2015-7876 | Drupal 7 Driver FOR SQL Server AND SQL Azure Project | SQL Injection vulnerability in Drupal 7 Driver FOR SQL Server and SQL Azure Project Drupal 7 Driver FOR SQL Server and SQL Azure The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to execute arbitrary SQL commands via vectors involving a module using the db_like function. | 7.5 |
2015-10-23 | CVE-2015-7021 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to gain privileges or cause a denial of service (kernel memory corruption) via unspecified vectors. | 7.2 |
2015-10-23 | CVE-2015-5945 | Apple | Improper Input Validation vulnerability in Apple mac OS X The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters. | 7.2 |
2015-10-23 | CVE-2015-5932 | Apple | Unspecified vulnerability in Apple mac OS X The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing. | 7.2 |
2015-10-21 | CVE-2015-4873 | Oracle | Local Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Database Scheduler component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 7.2 |
2015-10-21 | CVE-2015-4819 | Oracle Redhat Mariadb Debian Fedoraproject Canonical | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs. | 7.2 |
2015-10-23 | CVE-2015-6994 | Apple | Resource Management Errors vulnerability in Apple Iphone OS and mac OS X The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. | 7.1 |
2015-10-23 | CVE-2015-7004 | Apple | Improper Input Validation vulnerability in Apple Iphone OS The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. | 7.1 |
142 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-21 | CVE-2015-4810 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 6.9 |
2015-10-19 | CVE-2015-7751 | Juniper | Permissions, Privileges, and Access Controls vulnerability in Juniper Junos Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D105, 14.1X51 before 14.1X51-D70, 14.1X53 before 14.1X53-D25, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R1, 15.1 before 15.1F2 or 15.1R1, and 15.1X49 before 15.1X49-D10 does not require a password for the root user when pam.conf is "corrupted," which allows local users to gain root privileges by modifying the file. | 6.9 |
2015-10-23 | CVE-2015-7018 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7010. | 6.8 |
2015-10-23 | CVE-2015-7015 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app that sends a spoofed configd response to a client. | 6.8 |
2015-10-23 | CVE-2015-7014 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-7013 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and mac OS X WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-7012 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-7011 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-7010 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-7009 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-7008 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-7006 | Apple | Path Traversal vulnerability in Apple Iphone OS, mac OS X and Watchos Directory traversal vulnerability in the BOM (aka Bill of Materials) component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code via a crafted CPIO archive. | 6.8 |
2015-10-23 | CVE-2015-7003 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize an unspecified data structure, which allows attackers to execute arbitrary code via a crafted app. | 6.8 |
2015-10-23 | CVE-2015-7002 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-6996 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 6.8 |
2015-10-23 | CVE-2015-6995 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X The Disk Images component in Apple iOS before 9.1 and OS X before 10.11.1 misparses images, which allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app. | 6.8 |
2015-10-23 | CVE-2015-6993 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-6991 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-6990 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6978, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-6989 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted package that is mishandled during dispatch calls. | 6.8 |
2015-10-23 | CVE-2015-6985 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web page. | 6.8 |
2015-10-23 | CVE-2015-6978 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6977, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-6977 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6976, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-6976 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-6977, CVE-2015-6978, CVE-2015-6990, CVE-2015-6991, CVE-2015-6993, CVE-2015-7008, CVE-2015-7009, CVE-2015-7010, and CVE-2015-7018. | 6.8 |
2015-10-23 | CVE-2015-5944 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | 6.8 |
2015-10-23 | CVE-2015-5942 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927. | 6.8 |
2015-10-23 | CVE-2015-5940 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 6.8 |
2015-10-23 | CVE-2015-5939 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937. | 6.8 |
2015-10-23 | CVE-2015-5938 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image. | 6.8 |
2015-10-23 | CVE-2015-5937 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939. | 6.8 |
2015-10-23 | CVE-2015-5936 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939. | 6.8 |
2015-10-23 | CVE-2015-5935 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939. | 6.8 |
2015-10-23 | CVE-2015-5934 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933. | 6.8 |
2015-10-23 | CVE-2015-5933 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934. | 6.8 |
2015-10-23 | CVE-2015-5931 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Itunes and Safari WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-5930 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-5929 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-5928 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Itunes and Safari WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5. | 6.8 |
2015-10-23 | CVE-2015-5927 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942. | 6.8 |
2015-10-23 | CVE-2015-5926 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925. | 6.8 |
2015-10-23 | CVE-2015-5925 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, mac OS X and Watchos The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926. | 6.8 |
2015-10-23 | CVE-2015-5924 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS and mac OS X The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 6.8 |
2015-10-23 | CVE-2015-7005 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 6.8 |
2015-10-23 | CVE-2015-6982 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 6.8 |
2015-10-23 | CVE-2015-6981 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS WebKit, as used in Apple iOS before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1. | 6.8 |
2015-10-21 | CVE-2015-4851 | Oracle | XML External Entity Injection vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. | 6.8 |
2015-10-21 | CVE-2015-4849 | Oracle | XML External Entity Injection vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. | 6.8 |
2015-10-21 | CVE-2015-4837 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. | 6.6 |
2015-10-21 | CVE-2015-4900 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2015-10-21 | CVE-2015-4888 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4796. | 6.5 |
2015-10-25 | CVE-2015-1002 | Ininet Solutions | Unspecified vulnerability in Ininet Solutions Scada web Server IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. | 6.4 |
2015-10-21 | CVE-2015-4886 | Oracle | XML External Entity Injection vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Reports Security. | 6.4 |
2015-10-21 | CVE-2015-4827 | Oracle | Remote Security vulnerability in Oracle Retail Applications 3.0 Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Framework. | 6.4 |
2015-10-21 | CVE-2015-4806 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | 6.4 |
2015-10-21 | CVE-2015-4820 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4907. | 6.2 |
2015-10-21 | CVE-2015-4817 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver. | 6.2 |
2015-10-21 | CVE-2015-4887 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ePerformance. | 6.0 |
2015-10-23 | CVE-2015-7023 | Apple | Code vulnerability in Apple Iphone OS and mac OS X CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors. | 5.8 |
2015-10-21 | CVE-2015-4871 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | 5.8 |
2015-10-21 | CVE-2015-4859 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4/12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Agent Next Gen. | 5.8 |
2015-10-21 | CVE-2015-7823 | Kentico | Unspecified vulnerability in Kentico CMS 8.2 Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the link parameter. | 5.8 |
2015-10-23 | CVE-2015-7020 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7019. | 5.6 |
2015-10-23 | CVE-2015-7019 | Apple | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via unspecified vectors, a different vulnerability than CVE-2015-7020. | 5.6 |
2015-10-21 | CVE-2015-4857 | Oracle | Remote Security vulnerability in Oracle Database Server 12.1.0.1/12.1.0.2 Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2015-10-21 | CVE-2015-4850 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. | 5.5 |
2015-10-21 | CVE-2015-4818 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Core Technology. | 5.5 |
2015-10-25 | CVE-2015-6484 | 3S Smart Software Solutions | NULL Pointer Dereference Remote Denial of Service vulnerability in CODESYS Gateway Server 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. | 5.0 |
2015-10-25 | CVE-2015-6341 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Wireless LAN Controller Software 7.4.140.0/8.0.120.0 The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecified vectors, aka Bug ID CSCuw10610. | 5.0 |
2015-10-25 | CVE-2015-1003 | Ininet Solutions | Path Traversal vulnerability in Ininet Solutions Scada web Server Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | 5.0 |
2015-10-23 | CVE-2015-7031 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server 5.0.14/5.0.2/5.0.3 The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | 5.0 |
2015-10-23 | CVE-2015-6999 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | 5.0 |
2015-10-22 | CVE-2015-4916 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. | 5.0 |
2015-10-22 | CVE-2015-4911 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4893. | 5.0 |
2015-10-22 | CVE-2015-4909 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.4.0/12.1.2.0.0/12.1.3.0.0 Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF Faces. | 5.0 |
2015-10-22 | CVE-2015-4908 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. | 5.0 |
2015-10-22 | CVE-2015-4906 | Oracle | Unspecified vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. | 5.0 |
2015-10-22 | CVE-2015-4903 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. | 5.0 |
2015-10-21 | CVE-2015-4896 | Oracle, Debian | Remote Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) enabled, allows remote attackers to affect availability via unknown vectors related to Core. | 5.0 |
2015-10-21 | CVE-2015-4893 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4803 and CVE-2015-4911. | 5.0 |
2015-10-21 | CVE-2015-4884 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Single Signon. | 5.0 |
2015-10-21 | CVE-2015-4882 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. | 5.0 |
2015-10-21 | CVE-2015-4875 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.5/12.1.0.6 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect availability via unknown vectors related to Agent Next Gen. | 5.0 |
2015-10-21 | CVE-2015-4872 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. | 5.0 |
2015-10-21 | CVE-2015-4848 | Oracle | Remote Security vulnerability in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Integration with Peoplesoft. | 5.0 |
2015-10-21 | CVE-2015-4842 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | 5.0 |
2015-10-21 | CVE-2015-4840 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. | 5.0 |
2015-10-21 | CVE-2015-4803 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911. | 5.0 |
2015-10-21 | CVE-2015-4734 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. | 5.0 |
2015-10-21 | CVE-2015-1829 | Oracle | Denial of Service vulnerability in IBM HTTP Server Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. | 5.0 |
2015-10-21 | CVE-2015-7822 | Kentico | Cross-site Scripting vulnerability in Kentico CMS 8.2 Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.aspx or the (2) CMSBodyClass cookie variable to the default URI. | 5.0 |
2015-10-19 | CVE-2015-7863 | Accelerite | 7PK - Security Features vulnerability in Accelerite Radia Client Automation The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended Notify Security features, which might allow remote attackers to bypass intended access restrictions via unspecified vectors. | 5.0 |
2015-10-19 | CVE-2015-7862 | Accelerite | Permissions, Privileges, and Access Controls vulnerability in Accelerite Radia Client Automation Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote attackers to modify an account's role assignments via unspecified vectors. | 5.0 |
2015-10-19 | CVE-2015-7750 | Juniper | Improper Input Validation vulnerability in Juniper Screenos 6.3.0 The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows remote attackers to cause a denial of service via a crafted L2TP packet. | 5.0 |
2015-10-19 | CVE-2015-7748 | Juniper | Improper Input Validation vulnerability in Juniper Junos Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of service (MPC line card crash) via a crafted uBFD packet. | 5.0 |
2015-10-21 | CVE-2015-4894 | Oracle | Remote Security vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.3.0.2/12.1.0.0 Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server 10.3.0.3, 11.3.0.2, and 12.1.0.0 allows remote authenticated users to affect integrity and availability via unknown vectors. | 4.9 |
2015-10-21 | CVE-2015-4869 | Oracle | Local Security vulnerability in Oracle Solaris 10/11.2 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
2015-10-21 | CVE-2015-4856 | Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unknown vectors related to Core. | 4.9 |
2015-10-21 | CVE-2015-4831 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822. | 4.9 |
2015-10-19 | CVE-2015-7833 | Novell, Redhat | Code vulnerability in multiple products The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor. | 4.9 |
2015-10-19 | CVE-2015-7799 | Linux | Local Denial of Service vulnerability in Google Android 'PPP Character Device Driver' The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call. | 4.9 |
2015-10-19 | CVE-2015-6937 | Linux, Canonical, Debian | Null Pointer Dereference Denial of Service vulnerability in Linux Kernel The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. | 4.9 |
2015-10-19 | CVE-2015-0275 | Linux, Oracle | Code vulnerability in Linux Kernel The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. | 4.9 |
2015-10-22 | CVE-2015-4907 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4820. | 4.6 |
2015-10-21 | CVE-2015-4891 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. | 4.6 |
2015-10-21 | CVE-2015-4879 | Oracle, Debian, Canonical, Mariadb, Redhat, Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to DML. | 4.6 |
2015-10-19 | CVE-2015-5707 | Linux, Canonical, Debian, Suse | Integer Overflow or Wraparound vulnerability in Linux Kernel Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request. | 4.6 |
2015-10-21 | CVE-2015-2642 | Oracle | Local Security vulnerability in Oracle Solaris 10/11.2 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | 4.4 |
2015-10-23 | CVE-2015-5943 | Apple | 7PK - Security Features vulnerability in Apple mac OS X SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. | 4.3 |
2015-10-23 | CVE-2015-7022 | Apple | Information Exposure vulnerability in Apple Iphone OS The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. | 4.3 |
2015-10-23 | CVE-2015-6997 | Apple | 7PK - Security Features vulnerability in Apple Iphone OS and Watchos The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | 4.3 |
2015-10-22 | CVE-2015-4912 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.2/11.1.2.3 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine. | 4.3 |
2015-10-21 | CVE-2015-4899 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 3.0.1/3.1.2 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Security. | 4.3 |
2015-10-21 | CVE-2015-4880 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4867. | 4.3 |
2015-10-21 | CVE-2015-4867 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a different vulnerability than CVE-2015-4880. | 4.3 |
2015-10-21 | CVE-2015-4854 | Oracle | Cross-Site Scripting vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. | 4.3 |
2015-10-21 | CVE-2015-4847 | Oracle | Remote Security vulnerability in Oracle Supply Chain Products Suite Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OCI. | 4.3 |
2015-10-21 | CVE-2015-4845 | Oracle | User Enumeration vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J. | 4.3 |
2015-10-21 | CVE-2015-4841 | Oracle | Remote Security vulnerability in Oracle Siebel CRM Ip2014/Ip2015 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Services. | 4.3 |
2015-10-21 | CVE-2015-4832 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7/11.1.2.2/11.1.2.3 Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM Legacy UI. | 4.3 |
2015-10-21 | CVE-2015-4799 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.1/11.1.1.8.0/7.6.2 Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Security. | 4.3 |
2015-10-21 | CVE-2015-4793 | Oracle | Remote Security vulnerability in Oracle Communications Convergence Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy. | 4.3 |
2015-10-21 | CVE-2015-4874 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4/12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen. | 4.1 |
2015-10-22 | CVE-2015-4905 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. | 4.0 |
2015-10-22 | CVE-2015-4904 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. | 4.0 |
2015-10-21 | CVE-2015-4898 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via vectors related to Diagnostics and DMZ. | 4.0 |
2015-10-21 | CVE-2015-4876 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Pivot Grid. | 4.0 |
2015-10-21 | CVE-2015-4870 | Oracle Opensuse Mariadb Canonical Debian Redhat Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. | 4.0 |
2015-10-21 | CVE-2015-4866 | Oracle Mariadb Canonical | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 4.0 |
2015-10-21 | CVE-2015-4862 | Oracle Redhat | Remote Security vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 4.0 |
2015-10-21 | CVE-2015-4858 | Oracle Opensuse Mariadb Canonical Debian Redhat Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2015-4913. | 4.0 |
2015-10-21 | CVE-2015-4838 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.4.0/12.1.2.0.0/12.1.3.0.0 Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces. | 4.0 |
2015-10-21 | CVE-2015-4833 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | 4.0 |
2015-10-21 | CVE-2015-4830 | Oracle Mariadb Canonical Debian Suse Redhat Opensuse Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | 4.0 |
2015-10-21 | CVE-2015-4828 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via vectors related to FIN Resource Management (Security). | 4.0 |
2015-10-21 | CVE-2015-4826 | Oracle Opensuse Mariadb Canonical Debian Redhat Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | 4.0 |
2015-10-21 | CVE-2015-4816 | Oracle Mariadb Canonical Debian Redhat Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 4.0 |
2015-10-21 | CVE-2015-4815 | Oracle Opensuse Mariadb Canonical Debian Redhat Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | 4.0 |
2015-10-21 | CVE-2015-4804 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2015-10-21 | CVE-2015-4800 | Redhat Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | 4.0 |
2015-10-21 | CVE-2015-4762 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.2.3/12.2.4 Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching. | 4.0 |
2015-10-21 | CVE-2015-4730 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. | 4.0 |
2015-10-21 | CVE-2015-5954 | Owncloud | Unspecified vulnerability in Owncloud The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users' files via a sharing link to a file with a deleted parent folder. | 4.0 |
34 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-10-21 | CVE-2015-4834 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Zones. | 3.7 |
2015-10-21 | CVE-2015-4846 | Oracle | SQL Injection vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. | 3.6 |
2015-10-21 | CVE-2015-2633 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.0.1 and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Ops Center. | 3.6 |
2015-10-22 | CVE-2015-4917 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.4 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892. | 3.5 |
2015-10-22 | CVE-2015-4914 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener. | 3.5 |
2015-10-22 | CVE-2015-4913 | Oracle Opensuse Redhat Canonical Debian Fedoraproject Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML, a different vulnerability than CVE-2015-4858. | 3.5 |
2015-10-21 | CVE-2015-4895 | Oracle Mariadb Fedoraproject Debian Canonical | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 3.5 |
2015-10-21 | CVE-2015-4892 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.4 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4917. | 3.5 |
2015-10-21 | CVE-2015-4890 | Redhat Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Replication. | 3.5 |
2015-10-21 | CVE-2015-4864 | Oracle Canonical Redhat Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Privileges. | 3.5 |
2015-10-21 | CVE-2015-4861 | Oracle Opensuse Redhat Mariadb Debian Canonical Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | 3.5 |
2015-10-21 | CVE-2015-4825 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.2 Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Expense Report General. | 3.5 |
2015-10-21 | CVE-2015-4807 | Oracle Opensuse Mariadb Fedoraproject | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache. | 3.5 |
2015-10-21 | CVE-2015-4797 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security. | 3.5 |
2015-10-21 | CVE-2015-4791 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges. | 3.5 |
2015-10-21 | CVE-2015-5953 | Owncloud | Cross-site Scripting vulnerability in Owncloud Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder. | 3.5 |
2015-10-21 | CVE-2015-4812 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.9 Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | 2.6 |
2015-10-25 | CVE-2015-1005 | Ininet Solutions | Information Exposure vulnerability in Ininet Solutions Scada web Server IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors. | 2.1 |
2015-10-23 | CVE-2015-6987 | Apple | Improper Input Validation vulnerability in Apple mac OS X The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | 2.1 |
2015-10-23 | CVE-2015-7000 | Apple | Information Exposure vulnerability in Apple Iphone OS Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phone or (2) Messages notification on the lock screen soon after a setting was disabled. | 2.1 |
2015-10-22 | CVE-2015-4910 | Oracle Redhat | Remote Security vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | 2.1 |
2015-10-21 | CVE-2015-4865 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.1.3/12.2.3/12.2.4 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to Business Objects - BC4J. | 2.1 |
2015-10-21 | CVE-2015-4824 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.4 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2.1 |
2015-10-21 | CVE-2015-4813 | Oracle Debian | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core. | 2.1 |
2015-10-21 | CVE-2015-4801 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones. | 2.1 |
2015-10-19 | CVE-2015-6252 | Linux | Resource Management Errors vulnerability in Linux Kernel The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation. | 2.1 |
2015-10-21 | CVE-2015-4766 | Oracle | Local Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. | 1.9 |
2015-10-21 | CVE-2015-4792 | Opensuse Redhat Oracle Mariadb Debian Fedoraproject Canonical | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802. | 1.7 |
2015-10-21 | CVE-2015-4878 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877. | 1.5 |
2015-10-21 | CVE-2015-4877 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878. | 1.5 |
2015-10-21 | CVE-2015-4811 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4809. | 1.5 |
2015-10-21 | CVE-2015-4809 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811. | 1.5 |
2015-10-21 | CVE-2015-4823 | Oracle | Local Security vulnerability in Oracle Hyperion 11.1.2.3 Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deploy. | 1.2 |
2015-10-21 | CVE-2015-4822 | Oracle | Local Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831. | 1.2 |