The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-5587 | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors. | High | Sep 22, 2015 |
| CVE-2015-5588 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-6677. | High | Sep 22, 2015 |
| CVE-2015-5895 | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | High | Sep 22, 2015 |
| CVE-2015-5898 | CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | Low | Sep 22, 2015 |
| CVE-2015-5909 | IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunistic circumstances by leveraging incorrect notification delivery. | Medium | Sep 22, 2015 |
| CVE-2015-5910 | IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server traffic is encrypted, which allows remote attackers to obtain sensitive information by sniffing the network. | Low | Sep 22, 2015 |
| CVE-2015-5911 | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. | High | Sep 22, 2015 |
| CVE-2015-5920 | The Software Update component in Apple iTunes before 12.3 does not properly handle redirection, which allows man-in-the-middle attackers to discover encrypted SMB credentials via unspecified vectors.<a href=http://cwe.mitre.org/data/definitions/601.html>CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a> | Medium | Sep 22, 2015 |
| CVE-2015-6676 | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6678. | High | Sep 22, 2015 |
| CVE-2015-6677 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5582, and CVE-2015-5588. | High | Sep 22, 2015 |
| CVE-2015-6678 | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-6676. | High | Sep 22, 2015 |
| CVE-2015-6679 | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors. | Medium | Sep 22, 2015 |
| CVE-2015-6682 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5581, and CVE-2015-5584.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Sep 22, 2015 |
| CVE-2015-6938 | Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. NOTE: this was originally reported as a cross-site request forgery (CSRF) vulnerability, but this may be inaccurate. | Medium | Sep 22, 2015 |
| CVE-2015-7237 | Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | Medium | Sep 22, 2015 |
| CVE-2015-7238 | The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | Low | Sep 22, 2015 |
| CVE-2015-7303 | Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | Sep 22, 2015 |
| CVE-2015-7304 | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | Low | Sep 22, 2015 |
| CVE-2015-7305 | The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a debug context. | Medium | Sep 22, 2015 |
| CVE-2015-7306 | The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the access administration pages permission. | Medium | Sep 22, 2015 |
| CVE-2015-7307 | Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page. | Medium | Sep 22, 2015 |
| CVE-2014-8611 | The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted application. | Medium | Sep 21, 2015 |
| CVE-2015-1319 | The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proximate attackers to mount removable media while the screen is locked as demonstrated by inserting a USB thumb drive. | Low | Sep 21, 2015 |
| CVE-2015-2915 | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote attackers to obtain web-management access by leveraging the ability to authenticate from the intranet. | High | Sep 21, 2015 |
| CVE-2015-2916 | Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers to hijack the authentication of arbitrary users. | Medium | Sep 21, 2015 |
| CVE-2015-2917 | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M unintentionally omit the X-Frame-Options HTTP header, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site that contains a (1) FRAME, (2) IFRAME, or (3) OBJECT element. | Medium | Sep 21, 2015 |
| CVE-2015-3801 | The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vectors. | Medium | Sep 21, 2015 |
| CVE-2015-4040 | Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors. | Medium | Sep 21, 2015 |
| CVE-2015-4304 | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended access restrictions, and create administrative accounts or read data from arbitrary tenant domains, via a crafted URL, aka Bug IDs CSCus62671 and CSCus62652. | High | Sep 21, 2015 |
| CVE-2015-4305 | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP communities for arbitrary tenant domains, via a crafted URL, aka Bug ID CSCus62656. | Medium | Sep 21, 2015 |
| CVE-2015-4306 | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of arbitrary tenant domains, by discovering a session identifier and constructing a crafted URL, aka Bug IDs CSCus88343 and CSCus88334. | High | Sep 21, 2015 |
| CVE-2015-4307 | The web framework in Cisco Prime Collaboration Provisioning before 11.0 allows remote authenticated users to bypass intended access restrictions and create administrative accounts via a crafted URL, aka Bug ID CSCut64111. | High | Sep 21, 2015 |
| CVE-2015-5538 | Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow remote attackers to gain privileges via unknown vectors, related to the (1) Command Line Interface (CLI) and the (2) Web User Interface (UI). | High | Sep 21, 2015 |
| CVE-2015-5690 | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary commands by leveraging a redirect. | High | Sep 21, 2015 |
| CVE-2015-5691 | Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. | Medium | Sep 21, 2015 |
| CVE-2015-5692 | admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading a file with a safe extension and content type, and then leveraging an improper Sudo configuration to make this a setuid-root file. | High | Sep 21, 2015 |
| CVE-2015-5693 | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to traffic capture. | High | Sep 21, 2015 |
| CVE-2015-5991 | Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to hijack the authentication of administrators for requests that perform setup operations, as demonstrated by modifying network settings. | Medium | Sep 21, 2015 |
| CVE-2015-5992 | Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. | Medium | Sep 21, 2015 |
| CVE-2015-5993 | Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to cause a denial of service (device outage) via a long ipaddr parameter. | High | Sep 21, 2015 |
| CVE-2015-6294 | Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow remote attackers to cause a denial of service (functionality loss) via crafted Cisco Discovery Protocol (CDP) packets, aka Bug ID CSCuu25770. | Medium | Sep 21, 2015 |
| CVE-2015-6295 | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic forwarding via a Layer 2 packet with a reserved VLAN number, aka Bug ID CSCuw13560. | Medium | Sep 21, 2015 |
| CVE-2015-6296 | Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has a default account, which allows local users to obtain root access by leveraging knowledge of the credentials, aka Bug ID CSCuw21825. | High | Sep 21, 2015 |
| CVE-2015-6297 | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | Medium | Sep 21, 2015 |
| CVE-2015-6300 | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, aka Bug ID CSCuw24694. | Medium | Sep 21, 2015 |
| CVE-2015-6301 | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | Medium | Sep 21, 2015 |
| CVE-2015-6547 | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified vectors. | High | Sep 21, 2015 |
| CVE-2015-6548 | Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | Medium | Sep 21, 2015 |
| CVE-2015-6672 | Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Sep 21, 2015 |
| CVE-2015-7227 | The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal does not properly check permissions to edit Fieldable Panels Panes entities, which allows remote authenticated users to edit panes by leveraging permissions to edit panels. | Low | Sep 21, 2015 |
