| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2015-3105 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-06-10 |
2016-12-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
|
102 |
CVE-2015-3104 |
189 |
|
Exec Code Overflow |
2015-06-10 |
2016-12-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. |
|
103 |
CVE-2015-3103 |
|
|
Exec Code |
2015-06-10 |
2016-12-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. |
|
104 |
CVE-2015-3100 |
119 |
|
Exec Code Overflow |
2015-06-10 |
2016-12-31 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. |
|
105 |
CVE-2015-3096 |
352 |
|
Bypass |
2015-06-10 |
2016-12-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow remote attackers to bypass a CVE-2014-5333 protection mechanism via unspecified vectors. |
|
106 |
CVE-2015-3000 |
399 |
|
DoS |
2015-06-08 |
2018-10-09 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
SysAid Help Desk before 15.2 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested entity references in an XML document to (1) /agententry, (2) /rdsmonitoringresponse, or (3) /androidactions, aka an XML Entity Expansion (XEE) attack. |
|
107 |
CVE-2015-2999 |
89 |
|
Exec Code Sql |
2015-06-08 |
2018-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /genericreport, customSQL parameter in a (2) TopAdministratorsByAverageTimer report or an (3) ActiveRequests report to /genericreport, (4) dir parameter to HelpDesk.jsp, or (5) grantSQL parameter to RFCGantt.jsp. |
|
108 |
CVE-2015-2996 |
22 |
|
DoS Dir. Trav. |
2015-06-08 |
2018-10-09 |
8.5 |
None |
Remote |
Low |
Not required |
Partial |
None |
Complete |
|
Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2) cause a denial of service (CPU and memory consumption) via a .. (dot dot) in the fileName parameter to calculateRdsFileChecksum. |
|
109 |
CVE-2015-2995 |
22 |
|
Dir. Trav. |
2015-06-08 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not properly check file extensions, which allows remote attackers to upload and execute arbitrary files via a NULL byte after the extension, as demonstrated by a .war%00 file. |
|
110 |
CVE-2015-2994 |
|
|
Exec Code |
2015-06-08 |
2018-10-09 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then accessing it via a direct request to the file in icons/user_photo/. |
|
111 |
CVE-2015-2993 |
264 |
|
|
2015-06-08 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount or (2) write to arbitrary files via the fileName parameter to /userentry. |
|
112 |
CVE-2015-2966 |
22 |
|
Dir. Trav. |
2015-06-30 |
2015-07-01 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. |
|
113 |
CVE-2015-2962 |
20 |
|
Exec Code |
2015-06-13 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors. |
|
114 |
CVE-2015-2961 |
352 |
|
CSRF |
2015-06-09 |
2016-12-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to hijack the authentication of administrators. |
|
115 |
CVE-2015-2959 |
284 |
|
+Info |
2015-06-09 |
2016-12-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by leveraging the guest role. |
|
116 |
CVE-2015-2958 |
264 |
|
Bypass |
2015-06-13 |
2016-12-03 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2953. |
|
117 |
CVE-2015-2956 |
89 |
|
Exec Code Sql |
2015-06-13 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
|
118 |
CVE-2015-2955 |
78 |
|
Exec Code |
2015-06-13 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. |
|
119 |
CVE-2015-2954 |
352 |
|
CSRF |
2015-06-13 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users. |
|
120 |
CVE-2015-2952 |
284 |
|
Bypass |
2015-06-13 |
2016-12-03 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958. |
|
121 |
CVE-2015-2950 |
22 |
|
Dir. Trav. |
2015-06-05 |
2016-12-03 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. |
|
122 |
CVE-2015-2861 |
352 |
|
CSRF |
2015-06-18 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel before 0.9.8-14 allows remote attackers to hijack the authentication of arbitrary users. |
|
123 |
CVE-2015-2860 |
22 |
|
Dir. Trav. |
2015-06-23 |
2016-12-03 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Avigilon Control Center (ACC) 4 before 4.12.0.54 and 5 before 5.4.2.22 allows remote attackers to read arbitrary files via a crafted help/ URL. |
|
124 |
CVE-2015-2805 |
352 |
|
CSRF |
2015-06-16 |
2018-10-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in sec/content/sec_asa_users_local_db_add.html in the management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, 6855, 6900, 10K, and 6860 with firmware 6.4.5.R02, 6.4.6.R01, 6.6.4.R01, 6.6.5.R02, 7.3.2.R01, 7.3.3.R01, 7.3.4.R01, and 8.1.1.R01 allows remote attackers to hijack the authentication of administrators for requests that create users via a crafted request. |
|
125 |
CVE-2015-2803 |
89 |
|
Exec Code Sql |
2015-06-17 |
2018-10-09 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter. |
|
126 |
CVE-2015-2797 |
119 |
|
Exec Code Overflow |
2015-06-19 |
2016-12-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. |
|
127 |
CVE-2015-2360 |
119 |
|
DoS Overflow +Priv Mem. Corr. |
2015-06-10 |
2019-05-14 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." |
|
128 |
CVE-2015-2341 |
20 |
|
DoS |
2015-06-13 |
2016-12-31 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, and VMware Fusion 6.x before 6.0.6 and 7.x before 7.0.1 allow attackers to cause a denial of service against a 32-bit guest OS or 64-bit host OS via a crafted RPC command. |
|
129 |
CVE-2015-2340 |
399 |
|
DoS |
2015-06-13 |
2016-12-31 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors. |
|
130 |
CVE-2015-2339 |
399 |
|
DoS |
2015-06-13 |
2016-12-31 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2338. |
|
131 |
CVE-2015-2338 |
399 |
|
DoS |
2015-06-13 |
2016-12-31 |
6.1 |
None |
Local Network |
Low |
Not required |
None |
None |
Complete |
|
TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode before 5.4.2 on Windows does not properly allocate memory, which allows guest OS users to cause a host OS denial of service via unspecified vectors, a different vulnerability than CVE-2015-2339. |
|
132 |
CVE-2015-2308 |
94 |
|
Exec Code |
2015-06-24 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP code via a language="php" attribute of a SCRIPT element. |
|
133 |
CVE-2015-2282 |
119 |
|
DoS Exec Code Overflow |
2015-06-02 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver RFC SDK, GUI, RFC SDK, SAPCAR archive tool, and other products allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, aka SAP Security Note 2124806, 2121661, 2127995, and 2125316. |
|
134 |
CVE-2015-2268 |
399 |
|
DoS |
2015-06-01 |
2020-12-01 |
6.8 |
None |
Remote |
Low |
??? |
None |
None |
Complete |
|
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. |
|
135 |
CVE-2015-2124 |
|
|
+Priv Bypass |
2015-06-05 |
2016-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to bypass intended access restrictions and gain privileges via unknown vectors. |
|
136 |
CVE-2015-1986 |
77 |
|
Exec Code |
2015-06-30 |
2016-12-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938. |
|
137 |
CVE-2015-1974 |
264 |
|
Bypass |
2015-06-28 |
2016-12-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors. |
|
138 |
CVE-2015-1965 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1964. |
|
139 |
CVE-2015-1964 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, and CVE-2015-1965. |
|
140 |
CVE-2015-1963 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1964, and CVE-2015-1965. |
|
141 |
CVE-2015-1962 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
|
142 |
CVE-2015-1954 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1953, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
|
143 |
CVE-2015-1953 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1948, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
|
144 |
CVE-2015-1949 |
77 |
|
Exec Code |
2015-06-30 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors. |
|
145 |
CVE-2015-1948 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1930, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
|
146 |
CVE-2015-1945 |
|
|
+Priv |
2015-06-02 |
2016-11-30 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors. |
|
147 |
CVE-2015-1942 |
20 |
|
|
2015-06-30 |
2016-12-28 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port. |
|
148 |
CVE-2015-1941 |
200 |
|
+Info |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read arbitrary files via a crafted TCP packet to an unspecified port. |
|
149 |
CVE-2015-1938 |
77 |
|
Exec Code |
2015-06-30 |
2016-12-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986. |
|
150 |
CVE-2015-1930 |
119 |
|
DoS Overflow |
2015-06-30 |
2016-12-28 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965. |
