The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2015-8110 | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) Click here to learn more or (2) View privacy policy within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a local privilege escalation vulnerability. | HIGH | Apr 24, 2017 | n/a |
CVE-2015-8109 | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a temporary administrator account vulnerability. | MEDIUM | Apr 24, 2017 | n/a |
CVE-2015-8107 | Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | Medium | Apr 19, 2017 | n/a |
CVE-2015-8094 | Open redirect vulnerability in Cloudera HUE before 3.10.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the next parameter. | MEDIUM | May 22, 2018 | n/a |
CVE-2015-8089 | The GPU driver in Huawei P7 phones with software P7-L00 before P7-L00C17B851, P7-L05 before P7-L05C00B851, and P7-L09 before P7-L09C92B851 allows local users to read or write to arbitrary kernel memory locations and consequently cause a denial of service (system crash) or gain privileges via a crafted application. | MEDIUM | May 23, 2017 | n/a |
CVE-2015-8086 | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain encryption keys and ciphertext passwords via vectors related to key storage. | Medium | Oct 4, 2016 | n/a |
CVE-2015-8085 | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S5300 routers with software before V200R007C00; and S5700 routers with software before V200R007C00SPC500 make it easier for remote authenticated administrators to obtain and decrypt passwords by leveraging selection of a reversible encryption algorithm. | Medium | Oct 4, 2016 | n/a |
CVE-2015-8079 | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. | MEDIUM | Sep 7, 2017 | n/a |
CVE-2015-8034 | The state.sls function in Salt before 2015.8.3 uses weak permissions on the cache data, which allows local users to obtain sensitive information by reading the file. | Low | Feb 7, 2017 | n/a |
CVE-2015-8033 | In Textpattern 4.5.7, the password-reset feature does not securely tether a hash to a user account. | MEDIUM | Aug 14, 2020 | n/a |
CVE-2015-8032 | In Textpattern 4.5.7, an unprivileged author can change an article's markup setting. | MEDIUM | Aug 14, 2020 | n/a |
CVE-2015-8026 | Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitrary code via a crafted filesystem. | MEDIUM | Mar 27, 2017 | n/a |
CVE-2015-8020 | Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default privileged account which under certain conditions can be used for unauthorized information disclosure. | Medium | Jan 12, 2017 | n/a |
CVE-2015-8013 | s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of passphrase for crafted PGP keys which allows remote attackers to bypass authentication if message decryption is used as an authentication mechanism via a crafted symmetrically encrypted PGP message. | MEDIUM | Jul 25, 2017 | n/a |
CVE-2015-8012 | lldpd before 0.8.0 allows remote attackers to cause a denial of service (assertion failure and daemon crash) via a malformed packet. | MEDIUM | Jan 31, 2020 | n/a |
CVE-2015-8011 | Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via vectors involving large management addresses and TLV boundaries. | MEDIUM | Jan 31, 2020 | n/a |
CVE-2015-8010 | Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi. | MEDIUM | Mar 27, 2017 | n/a |
CVE-2015-8009 | The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the authorization signature, which allows remote registered Consumers to use another Consumer's credentials by leveraging knowledge of the credentials. | MEDIUM | Jul 25, 2017 | n/a |
CVE-2015-8008 | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API request with an existing token. | -- | Dec 29, 2017 | n/a |
CVE-2015-7980 | Cross-site scripting (XSS) vulnerability in the Compass Rose module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to embedding a JavaScript library from an external source that was not reliable. | MEDIUM | Oct 2, 2017 | n/a |
CVE-2015-7979 | It was found that when NTP is configured in broadcast mode, an off-path attacker could broadcast packets with bad authentication (wrong key, mismatched key, incorrect MAC, etc) to all clients. The clients, upon receiving the malformed packets, would break the association with the broadcast server. This could cause the time on affected clients to become out of sync over a longer period of time. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7978 | A stack-based buffer overflow was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7977 | A NULL pointer dereference flaw was found in the way ntpd processed 'ntpdc reslist' commands that queried restriction lists with a large amount of entries. A remote attacker could use this flaw to crash the ntpd process. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7976 | The ntpq saveconfig command does not do adequate filtering of special characters from the supplied filename. Note: the ability to use the saveconfig command is controlled by the 'restrict nomodify' directive, and the recommended default configuration is to disable this capability. If the ability to execute a 'saveconfig' is required, it can easily (and should) be limited and restricted to a known small number of IP addresses. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7975 | It was found that ntpq did not implement a proper length check when calling nextvar(), which executes a memcpy(), on the name buffer. | LOW | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7974 | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via an arbitrary trusted key, aka a skeleton key. | LOW | Jan 26, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7973 | It was found that when NTP is configured in broadcast mode, a man-in-the-middle attacker or a malicious client could replay packets received from the broadcast server to all (other) clients. This could cause the time on affected clients to become out of sync over a longer period of time. | MEDIUM | Jan 27, 2016 | ntp-1.2.0.2 (VxWorks 7) |
CVE-2015-7968 | nwbc_ext2int in SAP NetWeaver Application Server before Security Note 2183189 allows XXE attacks for local file inclusion via the sap/bc/ui2/nwbc/nwbc_ext2int/ URI. | MEDIUM | Mar 10, 2020 | n/a |
CVE-2015-7967 | SafeNet Authentication Service for Citrix Web Interface Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7966 | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7965. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7965 | SafeNet Authentication Service Windows Logon Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module, a different vulnerability than CVE-2015-7966. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7964 | SafeNet Authentication Service for NPS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7963 | SafeNet Authentication Service for AD FS Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7962 | SafeNet Authentication Service for Outlook Web App Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7961 | SafeNet Authentication Service Remote Web Workplace Agent uses a weak ACL for unspecified installation directories and executable modules, which allows local users to gain privileges by modifying an executable module. | MEDIUM | Mar 2, 2018 | n/a |
CVE-2015-7946 | Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency dialer. Fixed in 8.11+16.04.20160111.1-0ubuntu1 and 8.11+15.04.20160122-0ubuntu1. | LOW | May 8, 2020 | n/a |
CVE-2015-7945 | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results. | MEDIUM | Aug 18, 2017 | n/a |
CVE-2015-7944 | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation. | MEDIUM | Aug 18, 2017 | n/a |
CVE-2015-7943 | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.41, the jQuery Update module 7.x-2.x before 7.x-2.7 for Drupal, and the LABjs module 7.x-1.x before 7.x-1.8 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3233. | MEDIUM | Oct 19, 2017 | n/a |
CVE-2015-7898 | Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | LOW | Jun 27, 2017 | n/a |
CVE-2015-7896 | LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. | MEDIUM | Aug 24, 2017 | n/a |
CVE-2015-7895 | Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | LOW | Jun 27, 2017 | n/a |
CVE-2015-7894 | The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG. | MEDIUM | Aug 9, 2017 | n/a |
CVE-2015-7893 | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript. | Medium | Apr 17, 2017 | n/a |
CVE-2015-7892 | Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call. | MEDIUM | Dec 10, 2019 | n/a |
CVE-2015-7891 | Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | Medium | Aug 4, 2017 | n/a |
CVE-2015-7890 | Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. | MEDIUM | Feb 12, 2020 | n/a |
CVE-2015-7889 | The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | -- | Dec 27, 2017 | n/a |
CVE-2015-7888 | Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | HIGH | Jun 7, 2017 | n/a |
CVE-2015-7887 | NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | MEDIUM | Aug 7, 2017 | n/a |