CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-7445 399 DoS Exec Code 2015-10-16 2015-10-16
7.8
None Remote Low Not required None None Complete
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
2 CVE-2014-6449 399 DoS 2015-10-16 2016-12-08
5.0
None Remote Low Not required None None Partial
Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R7, 14.1 before 14.1R5, and 14.2 before 14.2R1 do not properly handle TCP packet reassembly, which allows remote attackers to cause a denial of service (buffer consumption) via a crafted sequence of packets "destined to the device."
3 CVE-2014-6450 119 DoS Overflow 2015-10-16 2016-12-08
7.8
None Remote Low Not required None None Complete
Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48 before 12.3X48-D10, 12.3X50 before 12.3X50-D42, 13.1 before 13.1R4-S3, 13.1X49 before 13.1X49-D42, 13.1X50 before 13.1X50-D30, 13.2 before 13.2R6, 13.2X51 before 13.2X51-D26, 13.2X52 before 13.2X52-D15, 13.3 before 13.3R3-S3, 14.1 before 14.1R3, 14.2 before 14.2R1, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10, when configured for IPv6, allow remote attackers to cause a denial of service (mbuf chain corruption and kernel panic) via crafted IPv6 packets.
4 CVE-2014-6451 DoS 2015-10-16 2016-12-08
7.8
None Remote Low Not required None None Complete
J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.
5 CVE-2014-7915 189 Overflow 2015-10-01 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
6 CVE-2014-7916 189 Overflow 2015-10-01 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
7 CVE-2014-7917 189 Overflow 2015-10-01 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
8 CVE-2014-8242 310 2015-10-26 2020-05-19
5.8
None Remote Medium Not required None Partial Partial
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack.
9 CVE-2014-8912 284 +Info 2015-10-28 2016-12-24
5.0
None Remote Low Not required Partial None None
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by configuration information.
10 CVE-2014-8916 79 XSS 2015-10-03 2015-10-05
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-0144.
11 CVE-2014-9750 20 DoS +Info 2015-10-06 2020-06-18
5.8
None Remote Medium Not required Partial None Partial
ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey Authentication is enabled, allows remote attackers to obtain sensitive information from process memory or cause a denial of service (daemon crash) via a packet containing an extension field with an invalid value for the length of its value field.
12 CVE-2014-9751 20 2015-10-06 2021-09-08
6.8
None Remote Medium Not required Partial Partial Partial
The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before 4.2.8p1 on Linux and OS X does not properly determine whether a source IP address is an IPv6 loopback address, which makes it easier for remote attackers to spoof restricted packets, and read or write to the runtime state, by leveraging the ability to reach the ntpd machine's network interface with a packet from the ::1 address.
13 CVE-2015-0141 284 2015-10-03 2015-10-05
4.0
None Remote Low ??? None Partial None
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request.
14 CVE-2015-0142 264 DoS 2015-10-03 2015-10-05
4.0
None Remote Low ??? None None Partial
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function.
15 CVE-2015-0143 200 +Info 2015-10-03 2015-10-05
4.0
None Remote Low ??? Partial None None
IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages.
16 CVE-2015-0144 79 XSS 2015-10-03 2015-10-05
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8916.
17 CVE-2015-0145 352 XSS CSRF 2015-10-03 2015-10-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences.
18 CVE-2015-0195 79 XSS 2015-10-03 2015-10-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in IBM Content Template Catalog 4.x before 4.1.4 for WebSphere Portal 8.0.x and 4.x before 4.3.1 for WebSphere Portal 8.5.x allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
19 CVE-2015-0275 17 DoS 2015-10-19 2019-12-27
4.9
None Local Low Not required None None Complete
The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request.
20 CVE-2015-0987 200 +Info 2015-10-06 2015-10-07
5.0
None Remote Low Not required Partial None None
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive information by sniffing the network during a PLC unlock request.
21 CVE-2015-0988 200 +Info 2015-10-06 2015-10-06
2.1
None Local Low Not required Partial None None
Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file.
22 CVE-2015-1001 119 Exec Code Overflow 2015-10-25 2015-10-27
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.
23 CVE-2015-1002 2015-10-25 2015-10-27
6.4
None Remote Low Not required None Partial Partial
IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string.
24 CVE-2015-1003 22 Dir. Trav. 2015-10-25 2015-10-27
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname.
25 CVE-2015-1005 200 +Info 2015-10-25 2015-10-27
2.1
None Local Low Not required Partial None None
IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vectors.
26 CVE-2015-1015 200 +Info 2015-10-06 2015-10-06
2.1
None Local Low Not required Partial None None
Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it easier for local users to obtain sensitive information by reading a file.
27 CVE-2015-1047 20 DoS 2015-10-12 2018-08-12
5.0
None Remote Low Not required None None Partial
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.
28 CVE-2015-1303 20 Bypass 2015-10-12 2016-12-24
7.5
None Remote Low Not required Partial Partial Partial
bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.
29 CVE-2015-1304 284 Bypass 2015-10-12 2016-12-24
7.5
None Remote Low Not required Partial Partial Partial
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
30 CVE-2015-1335 59 2015-10-01 2019-05-31
7.2
None Local Low Not required Complete Complete Complete
lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source.
31 CVE-2015-1337 20 2015-10-09 2015-10-09
6.8
None Remote Medium Not required Partial Partial Partial
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.
32 CVE-2015-1338 59 DoS +Priv 2015-10-01 2015-10-02
7.2
None Local Low Not required Complete Complete Complete
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
33 CVE-2015-1528 189 DoS Overflow Mem. Corr. 2015-10-01 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before 5.1.1 LMY48M allows attackers to obtain a different application's privileges or cause a denial of service (Binder heap memory corruption) via a crafted application, aka internal bug 19334482.
34 CVE-2015-1536 189 DoS Overflow +Info 2015-10-01 2015-10-01
8.5
None Remote Low Not required Partial None Complete
Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or obtain sensitive system_server memory-content information via a crafted application that leverages improper unmarshalling of bitmaps, aka internal bug 19666945.
35 CVE-2015-1538 189 Exec Code Overflow 2015-10-01 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496.
36 CVE-2015-1539 189 Exec Code 2015-10-01 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493.
37 CVE-2015-1541 284 Bypass 2015-10-01 2015-10-01
4.3
None Remote Medium Not required Partial None None
The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745.
38 CVE-2015-1806 264 Exec Code +Priv 2015-10-16 2016-06-15
6.5
None Remote Low ??? Partial Partial Partial
The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors.
39 CVE-2015-1807 22 Dir. Trav. 2015-10-16 2016-06-15
3.5
None Remote Medium ??? Partial None None
Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts.
40 CVE-2015-1808 20 DoS 2015-10-16 2016-06-15
3.5
None Remote Medium ??? None None Partial
Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of service (improper plug-in and tool installation) via crafted update center data.
41 CVE-2015-1810 264 +Priv 2015-10-16 2016-06-15
4.6
None Remote High ??? Partial Partial Partial
The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restrict access to reserved names when using the "Jenkins' own user database" setting, which allows remote attackers to gain privileges by creating a reserved name.
42 CVE-2015-1812 79 XSS 2015-10-16 2016-06-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813.
43 CVE-2015-1813 79 XSS 2015-10-16 2016-06-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1812.
44 CVE-2015-1814 264 +Priv 2015-10-16 2016-06-15
7.5
None Remote Low Not required Partial Partial Partial
The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to gain privileges via a "forced API token change" involving anonymous users.
45 CVE-2015-1829 2015-10-21 2016-11-30
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.
46 CVE-2015-1888 79 XSS 2015-10-03 2015-10-05
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2.0.3 before 2.0.3-ICN-FP003, as used in Content Manager, FileNet Content Manager, Content Foundation, Content Manager OnDemand, and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
47 CVE-2015-1933 200 +Info 2015-10-04 2015-10-05
2.1
None Local Low Not required Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not have an off autocomplete attribute for the password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.
48 CVE-2015-1934 310 2015-10-04 2015-10-05
5.0
None Remote Low Not required Partial None None
IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products do not properly encrypt passwords, which makes it easier for context-dependent attackers to determine cleartext passwords by leveraging access to a password file.
49 CVE-2015-1969 79 XSS 2015-10-04 2016-12-07
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.1.1 before IF21, and TCR 3.1.x as used in Cognos Business Intelligence before 10.2 IF0015 and other products, allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
50 CVE-2015-1983 79 XSS 2015-10-04 2015-10-05
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
Total number of vulnerabilities : 726   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.