CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2015

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2015-5918 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-08
7.2
None Local Low Not required Complete Complete Complete
GasGauge in Apple watchOS before 2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5919.
352 CVE-2015-5917 119 DoS Overflow 2015-10-09 2016-12-08
5.0
None Remote Low Not required None None Partial
The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring.
353 CVE-2015-5915 17 2015-10-09 2016-12-08
5.0
None Remote Low Not required None Partial None
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
354 CVE-2015-5914 17 2015-10-09 2016-12-08
4.7
None Local Medium Not required None Complete None
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
355 CVE-2015-5913 284 2015-10-09 2016-12-08
6.8
None Remote Medium Not required Partial Partial Partial
Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request.
356 CVE-2015-5902 DoS 2015-10-09 2016-12-08
4.9
None Local Low Not required None None Complete
The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors.
357 CVE-2015-5901 200 +Info 2015-10-09 2016-12-08
2.1
None Local Low Not required Partial None None
The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive.
358 CVE-2015-5900 254 DoS 2015-10-09 2016-12-08
7.1
None Remote Medium Not required None None Complete
The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address.
359 CVE-2015-5897 264 +Priv 2015-10-09 2016-12-08
4.6
None Local Low Not required Partial Partial Partial
The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework.
360 CVE-2015-5894 17 2015-10-09 2016-12-08
4.3
None Remote Medium Not required None Partial None
The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate.
361 CVE-2015-5893 200 +Info 2015-10-09 2016-12-08
2.1
None Local Low Not required Partial None None
SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
362 CVE-2015-5891 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-08
7.2
None Local Low Not required Complete Complete Complete
The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
363 CVE-2015-5890 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-08
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873.
364 CVE-2015-5889 264 2015-10-09 2016-12-24
7.2
None Local Low Not required Complete Complete Complete
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
365 CVE-2015-5888 264 2015-10-09 2016-12-08
7.2
None Local Low Not required Complete Complete Complete
The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file.
366 CVE-2015-5887 17 2015-10-09 2016-12-08
10.0
None Remote Low Not required Complete Complete Complete
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
367 CVE-2015-5884 200 +Info 2015-10-09 2016-12-08
3.3
None Local Network Low Not required Partial None None
The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment.
368 CVE-2015-5883 20 2015-10-09 2016-12-08
5.0
None Remote Low Not required None Partial None
The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence.
369 CVE-2015-5878 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors.
370 CVE-2015-5877 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5830.
371 CVE-2015-5875 79 XSS 2015-10-09 2016-12-09
2.1
None Local Low Not required None Partial None
Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text.
372 CVE-2015-5873 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5890.
373 CVE-2015-5872 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5873, and CVE-2015-5890.
374 CVE-2015-5871 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5872, CVE-2015-5873, and CVE-2015-5890.
375 CVE-2015-5870 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors.
376 CVE-2015-5866 119 DoS Exec Code Overflow Mem. Corr. 2015-10-09 2016-12-09
9.3
None Remote Medium Not required Complete Complete Complete
IOHIDFamily in Apple OS X before 10.11 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
377 CVE-2015-5865 200 +Info 2015-10-09 2016-12-09
4.3
None Remote Medium Not required Partial None None
IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app.
378 CVE-2015-5864 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors.
379 CVE-2015-5854 200 +Info 2015-10-09 2016-12-09
2.1
None Local Low Not required Partial None None
The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors.
380 CVE-2015-5853 200 +Info 2015-10-09 2016-12-09
3.3
None Local Network Low Not required Partial None None
AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers to obtain eSCL packet payload data via unspecified vectors.
381 CVE-2015-5849 264 Bypass 2015-10-09 2016-12-09
6.8
None Remote Medium Not required Partial Partial Partial
The filtering implementation in AppleEvents in Apple OS X before 10.11 mishandles attempts to send events to a different user, which allows attackers to bypass intended access restrictions by leveraging a screen-sharing connection.
382 CVE-2015-5836 200 +Info 2015-10-09 2016-12-09
4.3
None Remote Medium Not required Partial None None
Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app.
383 CVE-2015-5833 254 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
The Login Window component in Apple OS X before 10.11 does not ensure that the screen is locked at the intended time, which allows physically proximate attackers to obtain access by visiting an unattended workstation.
384 CVE-2015-5830 119 DoS Overflow +Priv Mem. Corr. 2015-10-09 2016-12-09
7.2
None Local Low Not required Complete Complete Complete
The Intel Graphics Driver component in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5877.
385 CVE-2015-5828 20 Bypass 2015-10-09 2018-10-30
4.3
None Remote Medium Not required None Partial None
The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass intended request restrictions via a crafted web site.
386 CVE-2015-5780 20 2015-10-09 2016-12-09
10.0
None Remote Low Not required Complete Complete Complete
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.
387 CVE-2015-5742 200 +Info 2015-10-16 2018-10-09
2.1
None Local Low Not required Partial None None
VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive information by reading the files.
388 CVE-2015-5713 200 +Info 2015-10-28 2016-12-07
5.0
None Remote Low Not required Partial None None
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote attackers to obtain sensitive log information by visiting an unspecified URL.
389 CVE-2015-5712 200 +Info 2015-10-28 2016-12-07
4.0
None Remote Low ??? Partial None None
Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform before 7.0.2 for AWS Marketplace allow remote authenticated users to obtain sensitive system information by visiting an unspecified URL.
390 CVE-2015-5707 190 DoS Overflow 2015-10-19 2020-06-02
4.6
None Local Low Not required Partial Partial Partial
Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.
391 CVE-2015-5687 94 Exec Code 2015-10-05 2015-10-06
7.5
None Remote Low Not required Partial Partial Partial
system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie.
392 CVE-2015-5671 264 Bypass 2015-10-29 2015-10-30
5.0
None Remote Low Not required Partial None None
Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors.
393 CVE-2015-5670 79 XSS 2015-10-29 2015-10-30
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
394 CVE-2015-5669 Exec Code 2015-10-29 2015-10-30
6.5
None Remote Low ??? Partial Partial Partial
Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors.
395 CVE-2015-5668 89 Exec Code Sql 2015-10-29 2015-10-30
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
396 CVE-2015-5667 79 XSS 2015-10-31 2016-12-07
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a crafted comment.
397 CVE-2015-5665 352 CSRF 2015-10-27 2015-10-28
5.1
None Remote High Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts, related to the doValidToken function.
398 CVE-2015-5662 22 Dir. Trav. 2015-10-18 2016-12-08
6.4
None Remote Low Not required None Partial Partial
Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive.
399 CVE-2015-5661 200 +Info 2015-10-18 2015-10-20
4.3
None Remote Medium Not required Partial None None
The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application.
400 CVE-2015-5660 352 Exec Code CSRF 2015-10-16 2015-10-16
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.
Total number of vulnerabilities : 726   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.