Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-7323 | 1 Juniper | 1 Pulse Connect Secure | 2016-12-07 | 3.5 LOW | N/A |
| The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 allows remote authenticated users to bypass intended access restrictions and log into arbitrary meetings by leveraging a meeting id and meetingAppSun.jar. | |||||
| CVE-2015-7374 | 1 Indusoft | 1 Web Studio | 2016-12-07 | 7.5 HIGH | N/A |
| The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649. | |||||
| CVE-2015-7613 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 6.9 MEDIUM | N/A |
| Race condition in the IPC object implementation in the Linux kernel through 4.2.3 allows local users to gain privileges by triggering an ipc_addid call that leads to uid and gid comparisons against uninitialized data, related to msg.c, shm.c, and util.c. | |||||
| CVE-2015-6526 | 1 Linux | 1 Linux Kernel | 2016-12-07 | 4.9 MEDIUM | N/A |
| The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-bit userspace backtrace. | |||||
| CVE-2015-6602 | 1 Google | 1 Android | 2016-12-07 | 9.3 HIGH | N/A |
| libutils in Android through 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted metadata in a (1) MP3 or (2) MP4 file, as demonstrated by an attack against use of libutils by libstagefright in Android 5.x. | |||||
| CVE-2015-5883 | 1 Apple | 1 Mac Os X | 2016-12-07 | 5.0 MEDIUM | N/A |
| The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attackers to spoof the content of a text document via a crafted character sequence. | |||||
| CVE-2015-5884 | 1 Apple | 1 Mac Os X | 2016-12-07 | 3.3 LOW | N/A |
| The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles encryption parameters for attachments, which makes it easier for remote attackers to obtain sensitive information by sniffing the network during transmission of an S/MIME e-mail message with a large attachment. | |||||
| CVE-2015-5887 | 1 Apple | 1 Mac Os X | 2016-12-07 | 10.0 HIGH | N/A |
| The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data. | |||||
| CVE-2015-5888 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.2 HIGH | N/A |
| The Install Framework Legacy component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving a privileged executable file. | |||||
| CVE-2015-5890 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.2 HIGH | N/A |
| IOGraphics in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5871, CVE-2015-5872, and CVE-2015-5873. | |||||
| CVE-2015-5891 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.2 HIGH | N/A |
| The SMB implementation in the kernel in Apple OS X before 10.11 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||||
| CVE-2015-5893 | 1 Apple | 1 Mac Os X | 2016-12-07 | 2.1 LOW | N/A |
| SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||||
| CVE-2015-5894 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.3 MEDIUM | N/A |
| The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it easier for man-in-the-middle attackers to spoof endpoints by leveraging access to a revoked certificate. | |||||
| CVE-2015-5897 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.6 MEDIUM | N/A |
| The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||||
| CVE-2015-5900 | 1 Apple | 1 Mac Os X | 2016-12-07 | 7.1 HIGH | N/A |
| The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes to an unintended address. | |||||
| CVE-2015-5901 | 1 Apple | 1 Mac Os X | 2016-12-07 | 2.1 LOW | N/A |
| The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstrated by reading a flash drive. | |||||
| CVE-2015-5902 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.9 MEDIUM | N/A |
| The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||||
| CVE-2015-5913 | 1 Apple | 1 Mac Os X | 2016-12-07 | 6.8 MEDIUM | N/A |
| Heimdal, as used in Apple OS X before 10.11, allows remote attackers to conduct replay attacks against the SMB server via packet data that represents a Kerberos authenticated request. | |||||
| CVE-2015-5914 | 1 Apple | 1 Mac Os X | 2016-12-07 | 4.7 MEDIUM | N/A |
| The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498. | |||||
| CVE-2015-5915 | 1 Apple | 1 Mac Os X | 2016-12-07 | 5.0 MEDIUM | N/A |
| Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||||