| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 201 | CVE-2015-1261 | 20 | | | 2015-05-20 | 2017-01-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text. |
| 202 | CVE-2015-1260 | | | DoS Exec Code | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request. |
| 203 | CVE-2015-1259 | 17 | | DoS | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. |
| 204 | CVE-2015-1258 | 189 | | DoS | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and consequently cause a denial of service or possibly have unspecified other impact, via a crafted frame size in VP9 video data. |
| 205 | CVE-2015-1257 | 119 | | DoS Overflow | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMatrix filter, which allows remote attackers to cause a denial of service (container overflow) or possibly have unspecified other impact via a crafted document. |
| 206 | CVE-2015-1256 | | | DoS | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document that leverages improper handling of a shadow tree for a use element. |
| 207 | CVE-2015-1255 | | | DoS Mem. Corr. | 2015-05-20 | 2017-01-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio implementation in Google Chrome before 43.0.2357.65 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by leveraging improper handling of a stop action for an audio track. |
| 208 | CVE-2015-1254 | 264 | | Bypass | 2015-05-20 | 2017-01-03 | 5.0 | None | Remote | Low | Not required | None | Partial | None | core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing. |
| 209 | CVE-2015-1253 | 284 | | Exec Code Bypass | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions. |
| 210 | CVE-2015-1252 | 119 | | DoS Overflow Bypass | 2015-05-20 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of service (out-of-bounds write) via vectors that trigger a write operation with a large amount of data, related to the PartialCircularBuffer::Write and PartialCircularBuffer::DoWrite functions. |
| 211 | CVE-2015-1251 | | | Exec Code | 2015-05-20 | 2018-10-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document. |
| 212 | CVE-2015-1250 | | | DoS | 2015-05-01 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
| 213 | CVE-2015-1243 | | | DoS | 2015-05-01 | 2017-01-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering an attempt to unregister a MutationObserver object that is not currently registered. |
| 214 | CVE-2015-1188 | | | | 2015-05-20 | 2021-01-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors. |
| 215 | CVE-2015-1157 | 17 | | DoS | 2015-05-28 | 2016-11-28 | 7.8 | None | Remote | Low | Not required | None | None | Complete | CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2) a WhatsApp message. |
| 216 | CVE-2015-1154 | | | DoS Exec Code Mem. Corr. | 2015-05-08 | 2015-07-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153. |
| 217 | CVE-2015-1153 | | | DoS Exec Code Mem. Corr. | 2015-05-08 | 2016-12-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1154. |
| 218 | CVE-2015-1152 | | | DoS Exec Code Mem. Corr. | 2015-05-08 | 2016-12-03 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1153 and CVE-2015-1154. |
| 219 | CVE-2015-1013 | 89 | | Sql Bypass | 2015-05-26 | 2015-05-27 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended command restrictions via SQL statements. |
| 220 | CVE-2015-1008 | 89 | | +Priv Sql | 2015-05-26 | 2016-04-06 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. |
| 221 | CVE-2015-0986 | 119 | | Overflow | 2015-05-26 | 2016-12-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. |
| 222 | CVE-2015-0971 | 399 | | DoS | 2015-05-14 | 2015-05-15 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. |
| 223 | CVE-2015-0935 | 94 | | Exec Code | 2015-05-25 | 2017-09-07 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts. |
| 224 | CVE-2015-0916 | 89 | | Exec Code Sql | 2015-05-22 | 2015-05-22 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CVE-2007-6035. |
| 225 | CVE-2015-0914 | 284 | | | 2015-05-01 | 2015-05-01 | 5.0 | None | Remote | Low | Not required | Partial | None | None | EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. |
| 226 | CVE-2015-0912 | | | | 2015-05-01 | 2015-05-01 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. |
| 227 | CVE-2015-0847 | 17 | | DoS | 2015-05-29 | 2016-12-31 | 7.8 | None | Remote | Low | Not required | None | None | Complete | nbd-server.c in Network Block Device (nbd-server) before 3.11 does not properly handle signals, which allows remote attackers to cause a denial of service (deadlock) via unspecified vectors. |
| 228 | CVE-2015-0797 | | | DoS Exec Code | 2015-05-14 | 2020-09-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. |
| 229 | CVE-2015-0757 | 200 | | +Info | 2015-05-29 | 2017-03-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140. |
| 230 | CVE-2015-0756 | 20 | | DoS | 2015-05-29 | 2017-01-04 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) allow remote attackers to cause a denial of service (wireless-networking outage) via crafted TCP traffic on the local network, aka Bug ID CSCug67104. |
| 231 | CVE-2015-0755 | 284 | | +Priv | 2015-05-29 | 2017-01-04 | 6.8 | None | Local | Low | ??? | Complete | Complete | Complete | The Posture module for Cisco Identity Services Engine (ISE), as distributed in Cisco AnyConnect Secure Mobility Client 4.0(64), allows local users to gain privileges via unspecified commands, aka Bug ID CSCut05797. |
| 232 | CVE-2015-0754 | 20 | | DoS +Info | 2015-05-29 | 2017-01-04 | 7.5 | None | Remote | Low | ??? | Partial | None | Complete | Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. |
| 233 | CVE-2015-0753 | 20 | | Exec Code Sql | 2015-05-29 | 2017-01-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | SQL injection vulnerability in Cisco Unified Email Interaction Manager (EIM) and Unified Web Interaction Manager (WIM) 9.0(2) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu30028. |
| 234 | CVE-2015-0751 | 20 | | DoS | 2015-05-29 | 2017-01-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800. |
| 235 | CVE-2015-0750 | 264 | | Exec Code | 2015-05-23 | 2015-05-26 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fields, aka Bug ID CSCut02786. |
| 236 | CVE-2015-0746 | 254 | | DoS | 2015-05-22 | 2016-04-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. |
| 237 | CVE-2015-0745 | 200 | | +Info | 2015-05-30 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug ID CSCus44909. |
| 238 | CVE-2015-0744 | 399 | | DoS | 2015-05-30 | 2017-01-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System Release allow remote attackers to cause a denial of service (CPU and memory consumption, and TCP service outage) via (1) a SYN flood or (2) another type of TCP traffic flood, aka Bug IDs CSCus50642, CSCus50662, CSCus50625, CSCus50657, and CSCus68315. |
| 239 | CVE-2015-0743 | 399 | | DoS | 2015-05-30 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097. |
| 240 | CVE-2015-0742 | 399 | | DoS | 2015-05-21 | 2017-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 100.13(20.3), 100.13(21.9), and 100.14(1.1) does not properly implement multicast-forwarding registration, which allows remote attackers to cause a denial of service (forwarding outage) via a crafted multicast packet, aka Bug ID CSCus74398. |
| 241 | CVE-2015-0741 | 352 | | CSRF | 2015-05-21 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(1) and earlier allow remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut04596. |
| 242 | CVE-2015-0740 | 352 | | CSRF | 2015-05-20 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Intelligence Center 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus28826. |
| 243 | CVE-2015-0736 | 352 | | CSRF | 2015-05-16 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense 10.5(1) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu16728. |
| 244 | CVE-2015-0735 | 352 | | CSRF | 2015-05-17 | 2017-01-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Customer Voice Portal (CVP) 10.5(1) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCut93970. |
| 245 | CVE-2015-0731 | 399 | | DoS | 2015-05-16 | 2017-01-06 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | The ISDN implementation in Cisco IOS 15.3S allows remote attackers to cause a denial of service (device reload) via malformed Q931 SETUP messages, aka Bug ID CSCut37890. |
| 246 | CVE-2015-0730 | 20 | | DoS | 2015-05-16 | 2017-01-06 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug ID CSCuo75645. |
| 247 | CVE-2015-0726 | 20 | | DoS | 2015-05-16 | 2021-04-16 | 6.8 | None | Remote | Low | ??? | None | None | Complete | The web administration interface on Cisco Wireless LAN Controller (WLC) devices before 7.0.241, 7.1.x through 7.4.x before 7.4.122, and 7.5.x and 7.6.x before 7.6.120 allows remote authenticated users to cause a denial of service (device crash) via unspecified parameters, aka Bug IDs CSCum65159 and CSCum65252. |
| 248 | CVE-2015-0723 | 399 | | DoS | 2015-05-16 | 2017-01-06 | 6.1 | None | Local Network | Low | Not required | None | None | Complete | The wireless web-authentication subsystem on Cisco Wireless LAN Controller (WLC) devices 7.5.x and 7.6.x before 7.6.120 allows remote attackers to cause a denial of service (process crash and device restart) via a crafted value, aka Bug ID CSCum03269. |
| 249 | CVE-2015-0722 | 399 | | DoS | 2015-05-25 | 2015-05-26 | 7.8 | None | Remote | Low | Not required | None | None | Complete | The network drivers in Cisco TelePresence T, Cisco TelePresence TE, and Cisco TelePresence TC before 7.3.2 allow remote attackers to cause a denial of service (process restart or device reload) via a flood of crafted IP packets, aka Bug ID CSCuj68952. |
| 250 | CVE-2015-0717 | 264 | | +Priv | 2015-05-16 | 2017-01-06 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. |