Total
5279 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-5645 | 1 Icz | 1 Matchasns | 2015-10-07 | 6.5 MEDIUM | N/A |
| ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. | |||||
| CVE-2015-3865 | 1 Google | 1 Android | 2015-10-07 | 9.3 HIGH | N/A |
| The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463. | |||||
| CVE-2015-3847 | 1 Google | 1 Android | 2015-10-07 | 6.4 MEDIUM | N/A |
| Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | |||||
| CVE-2015-4964 | 1 Ibm | 1 Urbancode Deploy | 2015-10-06 | 6.0 MEDIUM | N/A |
| IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before 6.1.1.8, and 6.1.2 writes admin AUTH_TOKEN values to execution logs, which allows remote authenticated users to gain privileges by leveraging the ability to create and execute a process. | |||||
| CVE-2015-7709 | 1 Arkeia | 1 Western Digital Arkeia | 2015-10-06 | 10.0 HIGH | N/A |
| The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted requests involving the ARKFS_EXEC_CMD operation. | |||||
| CVE-2015-7685 | 1 Glpi-project | 1 Glpi | 2015-10-06 | 4.0 MEDIUM | N/A |
| GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | |||||
| CVE-2015-2027 | 1 Ibm | 1 Websphere Extreme Scale | 2015-10-05 | 2.1 LOW | N/A |
| IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||||
| CVE-2015-0142 | 1 Ibm | 1 Openpages Grc Platform | 2015-10-05 | 4.0 MEDIUM | N/A |
| IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and data-storage outage) by calling the System Administration Mode function. | |||||
| CVE-2015-3849 | 1 Google | 1 Android | 2015-10-01 | 9.3 HIGH | N/A |
| The Region_createFromParcel function in core/jni/android/graphics/Region.cpp in Region in Android before 5.1.1 LMY48M does not check the return values of certain read operations, which allows attackers to execute arbitrary code via an application that sends a crafted message to a service, aka internal bug 21585255. | |||||
| CVE-2015-3858 | 1 Google | 1 Android | 2015-10-01 | 9.3 HIGH | N/A |
| The checkDestination function in internal/telephony/SMSDispatcher.java in Android before 5.1.1 LMY48M relies on an obsolete permission name for an authorization check, which allows attackers to bypass an intended user-confirmation requirement for SMS short-code messaging via a crafted application, aka internal bug 22314646. | |||||
| CVE-2015-3845 | 1 Google | 1 Android | 2015-10-01 | 6.8 MEDIUM | N/A |
| The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, which allows attackers to obtain a different application's privileges via a crafted application, aka internal bug 17312693. | |||||
| CVE-2015-3844 | 1 Google | 1 Android | 2015-10-01 | 6.8 MEDIUM | N/A |
| The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect process loading via a crafted application, as demonstrated by interfering with use of the Settings application, aka internal bug 21669445. | |||||
| CVE-2015-3843 | 1 Google | 1 Android | 2015-10-01 | 9.3 HIGH | N/A |
| The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows attackers to (1) intercept or (2) emulate unspecified Telephony STK SIM commands via an application that sends a crafted Intent, related to com/android/internal/telephony/cat/AppInterface.java, aka internal bug 21697171. | |||||
| CVE-2015-5637 | 1 Newphoria Corporation | 1 1.1 | 2015-09-23 | 6.8 MEDIUM | N/A |
| The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-5636 | 1 Newphoria Corporation | 1 Reversi | 2015-09-23 | 6.8 MEDIUM | N/A |
| The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-5635 | 1 Newphoria Corporation | 1 Koritore | 2015-09-23 | 6.8 MEDIUM | N/A |
| The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-5634 | 1 Newphoria Corporation | 1 Megaphone Music | 2015-09-23 | 6.8 MEDIUM | N/A |
| The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-5633 | 1 Newphoria Corporation | 1 Auction Camera | 2015-09-23 | 6.8 MEDIUM | N/A |
| The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-5632 | 1 Newphoria Corporation | 1 Applican | 2015-09-23 | 6.8 MEDIUM | N/A |
| The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API access via unspecified vectors. | |||||
| CVE-2015-7238 | 1 Mcafee | 1 Threat Intelligence Exchange | 2015-09-22 | 2.1 LOW | N/A |
| The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sensitive information by reading the files. | |||||