| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 51 | CVE-2015-6269 | 399 | | DoS | 2015-08-31 | 2017-09-20 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted (1) IPv4 or (2) IPv6 packet, aka Bug ID CSCsw69990. |
| 52 | CVE-2015-6268 | 399 | | DoS | 2015-08-29 | 2017-09-20 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted IPv4 UDP packet, aka Bug ID CSCsw95482. |
| 53 | CVE-2015-6267 | 399 | | DoS | 2015-08-29 | 2017-09-20 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted L2TP packet, aka Bug IDs CSCsw95722 and CSCsw95496. |
| 54 | CVE-2015-6266 | 287 | | +Info | 2015-08-28 | 2017-09-20 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from customized documents via a direct request, aka Bug ID CSCuo78045. |
| 55 | CVE-2015-6265 | 264 | | Bypass | 2015-08-27 | 2017-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command with a crafted file as this command's input, aka Bug ID CSCur23662. |
| 56 | CVE-2015-6262 | 352 | | CSRF | 2015-08-25 | 2019-07-29 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 and CSCum49059. |
| 57 | CVE-2015-6261 | 200 | | Bypass +Info | 2015-08-26 | 2017-01-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile and Remote Access (MRA) role and establishing a TFTP session, aka Bug ID CSCuv78531. |
| 58 | CVE-2015-6258 | 20 | | | 2015-08-22 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted IPv6 packets, aka Bug ID CSCuv40033. |
| 59 | CVE-2015-6256 | 20 | | DoS | 2015-08-22 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv62820. |
| 60 | CVE-2015-6255 | 79 | | XSS | 2015-08-19 | 2017-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug ID CSCuo89051. |
| 61 | CVE-2015-6254 | 17 | | | 2015-08-17 | 2015-08-19 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | The (1) Service Provider (SP) and (2) Identity Provider (IdP) in PicketLink before 2.7.0 does not ensure that the Destination attribute in a Response element in a SAML assertion matches the location from which the message was received, which allows remote attackers to have unspecified impact via unknown vectors. NOTE: this identifier was SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability types. |
| 62 | CVE-2015-6251 | | | DoS | 2015-08-24 | 2016-12-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. |
| 63 | CVE-2015-6249 | 20 | | DoS | 2015-08-24 | 2016-12-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| 64 | CVE-2015-6248 | 20 | | DoS | 2015-08-24 | 2019-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| 65 | CVE-2015-6247 | 20 | | DoS | 2015-08-24 | 2016-12-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
| 66 | CVE-2015-6246 | 20 | | DoS | 2015-08-24 | 2019-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| 67 | CVE-2015-6245 | 20 | | DoS | 2015-08-24 | 2019-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. |
| 68 | CVE-2015-6244 | 20 | | DoS | 2015-08-24 | 2019-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| 69 | CVE-2015-6243 | 20 | | DoS | 2015-08-24 | 2019-12-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. |
| 70 | CVE-2015-6242 | 20 | | DoS | 2015-08-24 | 2016-12-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. |
| 71 | CVE-2015-6241 | 20 | | DoS | 2015-08-24 | 2016-12-24 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. |
| 72 | CVE-2015-5965 | 20 | | | 2015-08-11 | 2016-12-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field. |
| 73 | CVE-2015-5964 | 399 | | DoS | 2015-08-24 | 2016-12-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors. |
| 74 | CVE-2015-5963 | 399 | | DoS | 2015-08-24 | 2017-10-03 | 5.0 | None | Remote | Low | Not required | None | None | Partial | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record. |
| 75 | CVE-2015-5962 | 189 | | DoS Mem. Corr. | 2015-08-08 | 2015-08-21 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allow attackers to cause a denial of service (memory corruption) via a negative value of a size parameter. |
| 76 | CVE-2015-5961 | 264 | | Bypass | 2015-08-08 | 2015-08-21 | 3.3 | None | Local Network | Low | Not required | None | Partial | None | The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to bypass intended access restrictions by spoofing that server. |
| 77 | CVE-2015-5960 | 284 | | Bypass | 2015-08-08 | 2015-08-21 | 1.9 | None | Local | Medium | Not required | Partial | None | None | Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation. |
| 78 | CVE-2015-5949 | 119 | | DoS Exec Code Overflow | 2015-08-25 | 2018-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointers. |
| 79 | CVE-2015-5786 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-25 | 2016-12-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5785. |
| 80 | CVE-2015-5785 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-25 | 2016-12-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-5786. |
| 81 | CVE-2015-5784 | 264 | | Exec Code | 2015-08-17 | 2017-09-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app. |
| 82 | CVE-2015-5783 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2017-09-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | IOGraphics in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted app, a different vulnerability than CVE-2015-3770. |
| 83 | CVE-2015-5782 | 200 | | +Info | 2015-08-17 | 2016-12-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image. |
| 84 | CVE-2015-5781 | 200 | | +Info | 2015-08-17 | 2016-12-24 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image. |
| 85 | CVE-2015-5779 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2017-09-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability than CVE-2015-3765, CVE-2015-3779, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751, and CVE-2015-5753. |
| 86 | CVE-2015-5778 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2016-12-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5777. |
| 87 | CVE-2015-5777 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2016-12-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerability than CVE-2015-5778. |
| 88 | CVE-2015-5776 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2016-12-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of an AF_INET6 socket. |
| 89 | CVE-2015-5775 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2016-12-24 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-3804 and CVE-2015-5756. |
| 90 | CVE-2015-5774 | 119 | | Overflow +Priv | 2015-08-17 | 2016-12-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X before 10.10.5 allows local users to gain privileges via unspecified vectors. |
| 91 | CVE-2015-5773 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2016-12-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document. |
| 92 | CVE-2015-5772 | 119 | | Exec Code Overflow | 2015-08-17 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. |
| 93 | CVE-2015-5771 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2017-09-21 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime file. |
| 94 | CVE-2015-5770 | 264 | | | 2015-08-17 | 2016-12-24 | 5.8 | None | Remote | Medium | Not required | None | Partial | Partial | MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterprise app. |
| 95 | CVE-2015-5769 | | | DoS | 2015-08-17 | 2016-12-24 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. |
| 96 | CVE-2015-5768 | 200 | | +Info | 2015-08-17 | 2017-09-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. |
| 97 | CVE-2015-5766 | 22 | | Dir. Trav. | 2015-08-17 | 2016-12-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. |
| 98 | CVE-2015-5763 | 119 | | DoS Overflow +Priv Mem. Corr. | 2015-08-17 | 2017-09-21 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | ntfs in Apple OS X before 10.10.5 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. |
| 99 | CVE-2015-5761 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2015-08-17 | 2016-12-24 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font file, a different vulnerability than CVE-2015-5755. |
| 100 | CVE-2015-5759 | 254 | | | 2015-08-17 | 2016-12-24 | 5.0 | None | Remote | Low | Not required | None | Partial | None | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. |