CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0057 | high | — | 8.2 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and … | |||
| CVE-2015-0004 | high | — | 8.2 | 12y ago | The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and… | |||
| CVE-2015-0002 | high | — | 8.2 | 12y ago | The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold a… | |||
| CVE-2015-3637 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | |||
| CVE-2015-5246 | high | 8.1 | 8.1 | 9y ago | The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | |||
| CVE-2015-5263 | high | 8.1 | 8.1 | 9y ago | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |||
| CVE-2015-5948 | high | 8.1 | 8.1 | 9y ago | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. | |||
| CVE-2015-5947 | high | 8.1 | 8.1 | 9y ago | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | |||
| CVE-2015-3206 | high | 8.1 | 8.1 | 9y ago | The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other u… | |||
| CVE-2015-7887 | high | 8.1 | 8.1 | 9y ago | NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | |||
| CVE-2015-0839 | high | 8.1 | 8.1 | 9y ago | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ve… | |||
| CVE-2015-5152 | high | 8.1 | 8.1 | 9y ago | Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-… | |||
| CVE-2015-5232 | high | 8.1 | 8.1 | 9y ago | Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. | |||
| CVE-2015-6817 | high | 8.1 | 8.1 | 9y ago | PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | |||
| CVE-2015-8764 | high | 8.1 | 8.1 | 9y ago | Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | |||
| CVE-2015-8763 | high | 8.1 | 8.1 | 9y ago | The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. | |||
| CVE-2015-8983 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (applicatio… | |||
| CVE-2015-8982 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary co… | |||
| CVE-2015-7599 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a de… | |||
| CVE-2015-8960 | high | 8.1 | 8.1 | 10y ago | The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute t… | |||
| CVE-2015-5348 | high | 8.1 | 8.1 | 10y ago | Apache Camel can allow remote attackers to execute arbitrary commands | |||
| CVE-2015-7999 | high | 8.1 | 8.1 | 10y ago | Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbi… | |||
| CVE-2015-6184 | high | 8.1 | 8.1 | 10y ago | The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) … | |||
| CVE-2015-5346 | high | 8.1 | 8.1 | 10y ago | Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x before 8.0.30, and 9.x before 9.0.0.M2, when different session settings are used for deployments of multiple versions of the sam… | |||
| CVE-2015-7914 | high | 8.1 | 8.1 | 11y ago | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | |||
| CVE-2015-6467 | high | 8.1 | 8.1 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. | |||
| CVE-2015-3947 | high | 8.1 | 8.1 | 11y ago | SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-7754 | high | 8.1 | 8.1 | 11y ago | Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | |||
| CVE-2015-7283 | high | 8.1 | 8.1 | 11y ago | The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative pr… | |||
| CVE-2015-5600 | high | 8.1 | 8.1 | 11y ago | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it ea… | |||
| CVE-2015-4685 | high | 7.0 | 8.0 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo m… | |||
| CVE-2015-3222 | high | 7.0 | 8.0 | 9y ago | syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | |||
| CVE-2015-1325 | high | 7.0 | 8.0 | 9y ago | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and befo… | |||
| CVE-2015-7891 | high | 7.0 | 8.0 | 9y ago | Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging def… | |||
| CVE-2015-0864 | high | 8.0 | 8.0 | 9y ago | Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | |||
| CVE-2015-0863 | high | 8.0 | 8.0 | 9y ago | GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary cod… | |||
| CVE-2015-0721 | high | 8.0 | 8.0 | 10y ago | Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended A… | |||
| CVE-2015-8798 | high | 8.0 | 8.0 | 10y ago | Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for … | |||
| CVE-2015-8152 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for… | |||
| CVE-2015-5018 | high | 8.0 | 8.0 | 11y ago | IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS command… | |||
| CVE-2015-7284 | high | 8.0 | 8.0 | 11y ago | Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-6020 | high | 8.0 | 8.0 | 11y ago | ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | |||
| CVE-2015-7925 | high | 8.0 | 8.0 | 11y ago | Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware … | |||
| CVE-2015-4545 | high | 8.0 | 8.0 | 11y ago | EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account … | |||
| CVE-2015-1935 | high | — | 8.0 | 11y ago | The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service… | |||
| CVE-2015-8666 | high | 7.9 | 7.9 | 9y ago | Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | |||
| CVE-2015-7110 | medium | — | 7.9 | 11y ago | The Disk Images component in Apple OS X before 10.11.2 and tvOS before 9.1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted disk image. | |||
| CVE-2015-5287 | medium | — | 7.9 | 11y ago | The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable na… | |||
| CVE-2015-6101 | medium | — | 7.9 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6100 | medium | — | 7.9 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-5693 | high | — | 7.9 | 11y ago | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffi… | |||
| CVE-2015-5692 | high | — | 7.9 | 11y ago | admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading… | |||
| CVE-2015-2518 | medium | — | 7.9 | 11y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows… | |||
| CVE-2015-2517 | medium | — | 7.9 | 11y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows… | |||
| CVE-2015-2511 | medium | — | 7.9 | 11y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows… | |||
| CVE-2015-3214 | medium | — | 7.9 | 11y ago | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitra… | |||
| CVE-2015-4034 | high | — | 7.9 | 11y ago | The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a seri… | |||
| CVE-2015-0658 | high | — | 7.9 | 11y ago | The DHCP implementation in the PowerOn Auto Provisioning (POAP) feature in Cisco NX-OS does not properly restrict the initialization process, which allows remote attackers to execute arbitrary comman… | |||
| CVE-2015-0059 | medium | — | 7.9 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users t… | |||
| CVE-2015-0003 | medium | — | 7.9 | 12y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and … | |||
| CVE-2015-1305 | medium | — | 7.9 | 12y ago | McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary memory locations, and consequently gain privileges, via a crafted (1) 0x00224014 or (2) 0x0022c018 … | |||
| CVE-2015-7529 | high | 7.8 | 7.8 | 4y ago | sosreport in SoS 3.x allows local users to obtain sensitive information from sosreport files or gain privileges via a symlink attack on an archive file in a temporary directory, as demonstrated by so… | |||
| CVE-2015-5699 | high | 7.8 | 7.8 | 9y ago | The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label. | |||
| CVE-2015-5675 | high | 7.8 | 7.8 | 9y ago | The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic). | |||
| CVE-2015-2158 | high | 7.8 | 7.8 | 9y ago | Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary c… | |||
| CVE-2015-7359 | high | 7.8 | 7.8 | 9y ago | The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, do not check the impersonation leve… | |||
| CVE-2015-6971 | high | 7.8 | 7.8 | 9y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0013 allows local users to submit commands to the System Update service (SUService.exe) and gain privileges by launching signed … | |||
| CVE-2015-1537 | high | 7.8 | 7.8 | 9y ago | Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to execute arbitrary code via a crafted application. | |||
| CVE-2015-5704 | high | 7.8 | 7.8 | 9y ago | scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands. | |||
| CVE-2015-3887 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in ProxyChains-NG before 4.9 allows local users to gain privileges via a Trojan horse libproxychains4.so library in the current working directory, which is referen… | |||
| CVE-2015-1527 | high | 7.8 | 7.8 | 9y ago | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a crafted application, aka Android Bug ID 19261727. | |||
| CVE-2015-1590 | high | 7.8 | 7.8 | 9y ago | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamailio_ctl. | |||
| CVE-2015-2210 | high | 7.8 | 7.8 | 9y ago | The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows local users to execute arbitrary code by injecting Javascript into the window source to create a button that spawns a command sh… | |||
| CVE-2015-8300 | high | 7.8 | 7.8 | 9y ago | Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: Full Control) for "Program Files (x86)\polycom\polycom btoe connector\plcmbtoesrv.exe," which allows local users to gain privilege… | |||
| CVE-2015-0974 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediapla… | |||
| CVE-2015-0114 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows 6.1 and 7.1. | |||
| CVE-2015-1324 | high | 7.8 | 7.8 | 9y ago | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and before 2.0.1-0ubuntu17… | |||
| CVE-2015-8308 | high | 7.8 | 7.8 | 9y ago | LXDM before 0.5.2 did not start X server with -auth, which allows local users to bypass authentication with X connections. | |||
| CVE-2015-3617 | high | 7.8 | 7.8 | 9y ago | Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow local users to gain privileges via crafted CLI commands. | |||
| CVE-2015-5946 | high | 7.8 | 7.8 | 9y ago | Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension. | |||
| CVE-2015-8264 | high | 7.8 | 7.8 | 9y ago | Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same f… | |||
| CVE-2015-6585 | high | 7.8 | 7.8 | 9y ago | hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a "type confusion" via an HWPX file containing a crafted para text ta… | |||
| CVE-2015-4035 | high | 7.8 | 7.8 | 9y ago | scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not properly process file names containing semicolons, which allows remote attackers to execute arbitrary code by having a user run x… | |||
| CVE-2015-1438 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged… | |||
| CVE-2015-3932 | high | 7.8 | 7.8 | 9y ago | Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:Ob… | |||
| CVE-2015-3931 | high | 7.8 | 7.8 | 9y ago | Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform XML signature wrapping attacks via an e-akta signed document with a ds:Object node with a crafted payload prepended to a valid ds:… | |||
| CVE-2015-1795 | high | 7.8 | 7.8 | 9y ago | Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary code as root. | |||
| CVE-2015-1591 | high | 7.8 | 7.8 | 9y ago | The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges. | |||
| CVE-2015-9033 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer. | |||
| CVE-2015-9030 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication. | |||
| CVE-2015-9029 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory. | |||
| CVE-2015-9028 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a cryptographic routine. | |||
| CVE-2015-9027 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||
| CVE-2015-9026 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |||
| CVE-2015-9025 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE application. | |||
| CVE-2015-9023 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | |||
| CVE-2015-9020 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in the unlocking of memory. | |||
| CVE-2015-4596 | high | 7.8 | 7.8 | 9y ago | Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||
| CVE-2015-6240 | high | 7.8 | 7.8 | 9y ago | The chroot, jail, and zone connection plugins in ansible before 1.9.2 allow local users to escape a restricted environment via a symlink attack. | |||
| CVE-2015-7724 | high | 7.8 | 7.8 | 9y ago | AMD fglrx-driver before 15.9 allows local users to gain privileges via a symlink attack. NOTE: This vulnerability exists due to an incomplete fix for CVE-2015-7723. |