CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2015-6252 399 DoS 2015-10-19 2017-11-04
2.1
None Local Low Not required None None Partial
The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.
302 CVE-2015-6059 200 +Info 2015-10-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
303 CVE-2015-6058 79 XSS Bypass 2015-10-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."
304 CVE-2015-6057 200 +Info 2015-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
305 CVE-2015-6056 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) JScript and (2) VBScript engines in Microsoft Internet Explorer 9 through 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
306 CVE-2015-6055 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Filter arguments, aka "Scripting Engine Memory Corruption Vulnerability."
307 CVE-2015-6053 200 +Info 2015-10-14 2018-10-12
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disclosure Vulnerability."
308 CVE-2015-6052 200 Bypass +Info 2015-10-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."
309 CVE-2015-6051 264 +Priv 2015-10-14 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
310 CVE-2015-6050 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
311 CVE-2015-6049 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048.
312 CVE-2015-6048 119 DoS Exec Code Overflow Mem. Corr. 2015-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049.
313 CVE-2015-6047 264 +Priv Bypass 2015-10-14 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an arbitrary application, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
314 CVE-2015-6046 200 +Info 2015-10-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
315 CVE-2015-6044 264 +Priv 2015-10-14 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 8 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability."
316 CVE-2015-6042 DoS Exec Code Mem. Corr. 2015-10-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
317 CVE-2015-6039 79 XSS Bypass 2015-10-14 2018-10-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability."
318 CVE-2015-6037 79 XSS 2015-10-14 2018-10-12
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in Microsoft Excel Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, Excel Web App 2010 SP2, Office Web Apps Server 2013 SP1, and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, aka "Microsoft Office Web Apps XSS Spoofing Vulnerability."
319 CVE-2015-6034 264 +Priv 2015-10-28 2015-10-29
6.9
None Local Medium Not required Complete Complete Complete
EPSON Network Utility 4.10 uses weak permissions (Everyone: Full Control) for eEBSVC.exe, which allows local users to gain privileges via a Trojan horse file.
320 CVE-2015-6033 310 Bypass 2015-10-31 2015-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital signatures of software updates, which allows man-in-the-middle attackers to bypass intended access restrictions via a modified update.
321 CVE-2015-6032 255 2015-10-31 2015-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic keys, which allows remote attackers to create digital signatures for code by leveraging knowledge of a key from a different installation.
322 CVE-2015-6006 119 DoS Exec Code Overflow 2015-10-29 2015-10-30
7.5
None Remote Low Not required Partial Partial Partial
The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation and heap-based buffer overflow) via a crafted packet on port 8190.
323 CVE-2015-6003 22 Dir. Trav. 2015-10-16 2016-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.
324 CVE-2015-5955 522 +Info 2015-10-29 2021-09-10
5.0
None Remote Low Not required Partial None None
ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by reading authentication headers.
325 CVE-2015-5954 Bypass 2015-10-21 2015-10-22
4.0
None Remote Low ??? Partial None None
The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users to bypass intended access restrictions and gain access to users files via a sharing link to a file with a deleted parent folder.
326 CVE-2015-5953 79 XSS 2015-10-21 2017-11-04
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the activity application in ownCloud Server before 7.0.5 and 8.0.x before 8.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a " (double quote) character in a filename in a shared folder.
327 CVE-2015-5945 264 +Priv 2015-10-23 2015-10-27
7.2
None Local Low Not required Complete Complete Complete
The Sandbox subsystem in Apple OS X before 10.11.1 allows local users to gain privileges via vectors involving NVRAM parameters.
328 CVE-2015-5944 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-27
6.8
None Remote Medium Not required Partial Partial Partial
CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file.
329 CVE-2015-5943 254 Bypass 2015-10-23 2015-10-27
4.3
None Remote Medium Not required None Partial None
SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app.
330 CVE-2015-5942 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5927.
331 CVE-2015-5940 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
The Accelerate Framework component in Apple iOS before 9.1 and OS X before 10.11.1, when multi-threading is enabled, omits certain validation and locking steps, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
332 CVE-2015-5939 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5937.
333 CVE-2015-5938 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-27
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image.
334 CVE-2015-5937 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5936, and CVE-2015-5939.
335 CVE-2015-5936 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5935, CVE-2015-5937, and CVE-2015-5939.
336 CVE-2015-5935 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted metadata in an image, a different vulnerability than CVE-2015-5936, CVE-2015-5937, and CVE-2015-5939.
337 CVE-2015-5934 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-27
6.8
None Remote Medium Not required Partial Partial Partial
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5933.
338 CVE-2015-5933 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2015-10-27
6.8
None Remote Medium Not required Partial Partial Partial
Audio in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, a different vulnerability than CVE-2015-5934.
339 CVE-2015-5932 +Priv 2015-10-23 2015-10-26
7.2
None Local Low Not required Complete Complete Complete
The kernel in Apple OS X before 10.11.1 allows local users to gain privileges by leveraging an unspecified "type confusion" during Mach task processing.
340 CVE-2015-5931 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-3 and APPLE-SA-2015-10-21-5.
341 CVE-2015-5930 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
342 CVE-2015-5929 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
343 CVE-2015-5928 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-10-21-1, APPLE-SA-2015-10-21-3, and APPLE-SA-2015-10-21-5.
344 CVE-2015-5927 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerability than CVE-2015-5942.
345 CVE-2015-5926 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5925.
346 CVE-2015-5925 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
The CoreGraphics component in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2015-5926.
347 CVE-2015-5924 119 DoS Exec Code Overflow Mem. Corr. 2015-10-23 2016-12-24
6.8
None Remote Medium Not required Partial Partial Partial
The OpenGL implementation in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
348 CVE-2015-5923 200 +Info 2015-10-09 2016-12-08
2.1
None Local Low Not required Partial None None
Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors.
349 CVE-2015-5922 2015-10-09 2019-04-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors.
350 CVE-2015-5919 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-08
7.2
None Local Low Not required Complete Complete Complete
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5918.
Total number of vulnerabilities : 726   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.