CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2015-4819 2015-10-21 2019-12-27
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client programs.
552 CVE-2015-4818 2015-10-21 2016-12-24
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Core Technology.
553 CVE-2015-4817 2015-10-21 2016-12-24
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver.
554 CVE-2015-4816 2015-10-21 2019-12-27
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB.
555 CVE-2015-4815 2015-10-21 2019-12-27
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL.
556 CVE-2015-4813 2015-10-21 2019-02-11
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users to affect availability via unknown vectors related to Core.
557 CVE-2015-4812 2015-10-21 2016-12-24
2.6
None Remote High Not required Partial None None
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module.
558 CVE-2015-4811 2015-10-21 2016-12-07
1.5
None Local Medium ??? None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDKutside In PDF Export SDK, a different vulnerability than CVE-2015-4809.
559 CVE-2015-4810 2015-10-21 2020-09-08
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
560 CVE-2015-4809 2015-10-21 2016-12-07
1.5
None Local Medium ??? None None Partial
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In PDF Export SDK, a different vulnerability than CVE-2015-4811.
561 CVE-2015-4807 2015-10-21 2019-02-11
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.
562 CVE-2015-4806 2015-10-21 2020-09-08
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.
563 CVE-2015-4805 2015-10-21 2020-09-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
564 CVE-2015-4804 2015-10-21 2016-12-24
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.
565 CVE-2015-4803 2015-10-21 2020-09-08
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2015-4893 and CVE-2015-4911.
566 CVE-2015-4802 2015-10-21 2019-12-27
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4792.
567 CVE-2015-4801 2015-10-21 2016-12-24
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones.
568 CVE-2015-4800 2015-10-21 2016-12-24
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.
569 CVE-2015-4799 2015-10-21 2016-12-07
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Security.
570 CVE-2015-4798 2015-10-21 2016-12-24
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839.
571 CVE-2015-4797 2015-10-21 2016-12-24
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.
572 CVE-2015-4796 2015-10-21 2016-12-24
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888.
573 CVE-2015-4795 2015-10-21 2016-12-24
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Add-On Applications.
574 CVE-2015-4794 2015-10-21 2016-12-24
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
575 CVE-2015-4793 2015-10-21 2016-12-24
4.3
None Remote Medium Not required Partial None None
Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors related to Mail Proxy.
576 CVE-2015-4792 2015-10-21 2019-12-27
1.7
None Remote High ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.
577 CVE-2015-4791 2015-10-21 2016-12-24
3.5
None Remote Medium ??? None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Privileges.
578 CVE-2015-4766 2015-10-21 2016-12-24
1.9
None Local Medium Not required None None Partial
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall.
579 CVE-2015-4762 2015-10-21 2016-12-24
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Online patching.
580 CVE-2015-4734 2015-10-21 2020-09-08
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS.
581 CVE-2015-4730 2015-10-21 2016-12-24
4.0
None Remote Low ??? None None Partial
Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types.
582 CVE-2015-4718 78 Exec Code 2015-10-21 2015-10-22
9.0
None Remote Low ??? Complete Complete Complete
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
583 CVE-2015-4717 399 DoS 2015-10-21 2015-10-22
7.8
None Remote Low Not required None None Complete
The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names.
584 CVE-2015-4716 22 Exec Code Dir. Trav. 2015-10-21 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
585 CVE-2015-4625 189 Overflow +Priv 2015-10-26 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers the issuance of a duplicate cookie value.
586 CVE-2015-4548 264 2015-10-12 2021-08-06
7.2
None Local Low Not required Complete Complete Complete
EMC RSA Web Threat Detection before 5.1 SP1 allows local users to obtain root privileges by leveraging access to a service account and writing commands to a service configuration file.
587 CVE-2015-4547 200 +Info 2015-10-12 2021-08-06
4.0
None Remote Low ??? Partial None None
EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file.
588 CVE-2015-4546 22 Dir. Trav. 2015-10-02 2016-12-08
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote attackers to read arbitrary files via a crafted KCSOSC_ERROR_PAGE parameter.
589 CVE-2015-4456 Bypass +Info 2015-10-26 2016-12-24
2.6
None Remote High Not required Partial None None
ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate distrust decision and obtain sensitive information by leveraging a self-signed certificate and a connection to a server using its own self-signed certificate.
590 CVE-2015-4325 264 +Priv 2015-10-12 2017-01-04
6.9
None Local Medium Not required Complete Complete Complete
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.
591 CVE-2015-4265 399 DoS 2015-10-12 2016-12-08
4.9
None Local Low Not required None None Complete
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.
592 CVE-2015-3996 254 2015-10-27 2015-10-28
4.3
None Remote Medium Not required None Partial None
The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a server hostname against the domain name in the subject's Common Name (CN) of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
593 CVE-2015-3973 254 2015-10-28 2015-10-28
5.0
None Remote Low Not required Partial None None
Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token values.
594 CVE-2015-3972 254 2015-10-28 2015-10-28
10.0
None Remote Low Not required Complete Complete Complete
The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices supports only short PIN values for authentication, which makes it easier for remote attackers to obtain access via a brute-force attack.
595 CVE-2015-3971 284 Exec Code 2015-10-28 2015-10-28
7.5
None Remote Low Not required Partial Partial Partial
The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a session on TCP port 1239.
596 CVE-2015-3970 79 XSS 2015-10-28 2015-10-28
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
597 CVE-2015-3969 200 +Info 2015-10-28 2015-10-28
5.0
None Remote Low Not required Partial None None
Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235.
598 CVE-2015-3968 255 2015-10-28 2015-10-28
7.5
None Remote Low Not required Partial Partial Partial
The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21.
599 CVE-2015-3967 352 CSRF 2015-10-28 2015-10-28
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users.
600 CVE-2015-3938 399 DoS 2015-10-06 2015-10-06
7.8
None Remote Low Not required None None Complete
The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter.
Total number of vulnerabilities : 726   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.