| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1451 | CVE-2015-8275 | 284 |  |  | 2017-04-10 | 2017-04-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow attackers to write to arbitrary files via crafted EDOC files. |
| 1452 | CVE-2015-8272 | 476 |  | DoS | 2017-04-13 | 2017-11-04 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). |
| 1453 | CVE-2015-8271 | 123 |  | Exec Code | 2017-04-13 | 2017-11-04 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. |
| 1454 | CVE-2015-8270 | 476 |  | DoS | 2017-04-13 | 2017-11-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). |
| 1455 | CVE-2015-8258 | 74 |  |  | 2017-04-10 | 2017-04-13 | 7.8 | None | Remote | Low | Not required | None | Complete | None | AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability." |
| 1456 | CVE-2015-8256 | 79 |  | XSS | 2017-04-17 | 2017-04-25 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras. |
| 1457 | CVE-2015-8255 | 352 |  | CSRF | 2017-04-10 | 2017-04-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. |
| 1458 | CVE-2015-8223 | 275 |  | DoS | 2017-04-13 | 2017-04-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and P8 ALE-UL00 before ALE-UL00B211 allow local users to cause a denial of service (OS crash) by leveraging camera permissions and via crafted input to the camera driver. |
| 1459 | CVE-2015-8110 | 264 |  | +Priv | 2017-04-24 | 2017-04-28 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within the Tvsukernel.exe GUI application in the context of a temporary administrator account, aka a "local privilege escalation vulnerability." |
| 1460 | CVE-2015-8109 | 255 |  | +Priv | 2017-04-24 | 2017-04-29 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowledge of the time that this account was created, aka a "temporary administrator account vulnerability." |
| 1461 | CVE-2015-8107 | 134 |  | Exec Code | 2017-04-13 | 2017-04-19 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. |
| 1462 | CVE-2015-7893 | 20 |  |  | 2017-04-11 | 2017-04-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript. |
| 1463 | CVE-2015-7847 | 20 |  | DoS | 2017-04-02 | 2017-04-11 | 4.9 | None | Local | Low | Not required | None | None | Complete | Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack. |
| 1464 | CVE-2015-7844 | 20 |  |  | 2017-04-02 | 2017-04-05 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Huawei FusionAccess with software V100R005C10 and V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet that causes the virtual cloud desktop to display an error and become unusable. |
| 1465 | CVE-2015-7826 | 295 |  |  | 2017-04-10 | 2017-04-15 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by accepting *.example.com as a match for bar.foo.example.com. |
| 1466 | CVE-2015-7825 |  |  | DoS | 2017-04-10 | 2017-04-15 | 7.8 | None | Remote | Low | Not required | None | None | Complete | botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the certificate chain. |
| 1467 | CVE-2015-7824 | 200 |  | +Info | 2017-04-10 | 2017-04-15 | 5.0 | None | Remote | Low | Not required | Partial | None | None | botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. |
| 1468 | CVE-2015-7740 | 20 |  | DoS | 2017-04-13 | 2017-04-25 | 4.9 | None | Local | Low | Not required | None | None | Complete | Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and P8 ALE-UL00 before ALE-UL00B211 allow local users to cause a denial of service (OS crash) via vectors involving an application that passes crafted input to the GPU driver. |
| 1469 | CVE-2015-7570 | 918 |  |  | 2017-04-24 | 2018-10-09 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php. |
| 1470 | CVE-2015-7569 | 89 |  | Exec Code Sql | 2017-04-24 | 2019-03-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. |
| 1471 | CVE-2015-7568 | 89 |  | Sql | 2017-04-24 | 2019-03-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. |
| 1472 | CVE-2015-7565 | 79 |  | XSS | 2017-04-13 | 2018-08-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through 1.10.x, 1.11.x before 1.11.4, 1.12.x before 1.12.2, 1.13.x before 1.13.12, 2.0.x before 2.0.3, 2.1.x before 2.1.2, and 2.2.x before 2.2.1 allows remote attackers to inject arbitrary web script or HTML. |
| 1473 | CVE-2015-7564 | 89 |  | Exec Code Sql | 2017-04-12 | 2017-04-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php. |
| 1474 | CVE-2015-7563 | 352 |  | CSRF | 2017-04-12 | 2020-06-16 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. |
| 1475 | CVE-2015-7562 | 79 |  | XSS | 2017-04-12 | 2017-04-20 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role. |
| 1476 | CVE-2015-7292 | 119 |  | DoS Overflow | 2017-04-10 | 2017-04-15 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have unspecified other impact via a long string to /dev/hv. |
| 1477 | CVE-2015-7275 | 79 |  | XSS | 2017-04-10 | 2017-04-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 before 2.30.30.30 has XSS. |
| 1478 | CVE-2015-7274 | 264 |  | Exec Code | 2017-04-10 | 2017-04-14 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows remote attackers to execute arbitrary administrative HTTP commands. |
| 1479 | CVE-2015-7273 | 611 |  |  | 2017-04-10 | 2017-04-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. |
| 1480 | CVE-2015-7272 | 119 |  | DoS Overflow | 2017-04-10 | 2017-04-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long SSH username or input. |
| 1481 | CVE-2015-7271 | 134 |  |  | 2017-04-10 | 2017-04-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. |
| 1482 | CVE-2015-7270 | 22 |  | Dir. Trav. | 2017-04-10 | 2017-04-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. |
| 1483 | CVE-2015-7265 | 284 |  | Bypass | 2017-04-10 | 2018-08-13 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. |
| 1484 | CVE-2015-7264 | 74 |  |  | 2017-04-10 | 2018-08-13 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. |
| 1485 | CVE-2015-7263 | 284 |  | Bypass | 2017-04-10 | 2018-08-13 | 5.0 | None | Remote | Low | Not required | None | Partial | None | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. |
| 1486 | CVE-2015-7260 | 264 |  | +Priv | 2017-04-10 | 2021-08-31 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. |
| 1487 | CVE-2015-7247 | 200 |  | +Info | 2017-04-24 | 2017-04-28 | 7.8 | None | Remote | Low | Not required | Complete | None | None | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information. |
| 1488 | CVE-2015-7246 | 798 |  |  | 2017-04-24 | 2017-04-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access. |
| 1489 | CVE-2015-7245 | 22 |  | Dir. Trav. | 2017-04-24 | 2017-04-28 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter. |
| 1490 | CVE-2015-6674 | 119 |  | Overflow | 2017-04-13 | 2020-09-14 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. |
| 1491 | CVE-2015-6568 | 20 |  | Exec Code | 2017-04-14 | 2017-09-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. |
| 1492 | CVE-2015-6567 | 20 |  | Exec Code | 2017-04-14 | 2017-09-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality. |
| 1493 | CVE-2015-6035 | 79 |  | XSS | 2017-04-10 | 2017-04-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Opsview before 2015-11-06 has XSS via SNMP. |
| 1494 | CVE-2015-6028 | 89 |  | Sql | 2017-04-10 | 2021-09-13 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the sc parameter. |
| 1495 | CVE-2015-6027 | 79 |  | XSS | 2017-04-10 | 2021-09-13 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. |
| 1496 | CVE-2015-6021 | 79 |  | XSS | 2017-04-10 | 2017-04-14 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. |
| 1497 | CVE-2015-4680 | 295 |  |  | 2017-04-05 | 2018-10-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. |
| 1498 | CVE-2015-4673 | 79 |  | XSS | 2017-04-06 | 2017-04-12 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to upload/manage_collections.php in an add_new action or the (2) photo_description, (3) photo_tags, or (4) photo_title parameter to upload/actions/photo_uploader.php. |
| 1499 | CVE-2015-4646 | 20 |  | DoS | 2017-04-13 | 2019-10-24 | 5.0 | None | Remote | Low | Not required | None | None | Partial | (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. |
| 1500 | CVE-2015-2947 | 441 |  |  | 2017-04-13 | 2017-04-25 | 6.4 | None | Remote | Low | Not required | None | Partial | Partial | KanColleViewer versions 3.8.1 and earlier operate as an open proxy, which allows remote attackers to trigger outbound network traffic. |