LiveActive security incident?Get immediate response
CVE archive

August 2015

Browse CVE records published in August 2015, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 876 matching CVEs · Page 4 of 18.

Unknown · CVSS Not scored

CVE-2015-8943: drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 d...

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.

Published Aug 6, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8942: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-...

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.

Published Aug 6, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8935: The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6....

The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.

Published Aug 7, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8941: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 20...

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.

Published Aug 6, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8939: drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) dev...

drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.

Published Aug 6, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8944: The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android befo...

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.

Published Aug 6, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8332: Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user...

Huawei Video Content Management (VCM) before V100R001C10SPC001 does not properly "authenticate online user identities and privileges," which allows remote authenticated users to gain privileges and perform a case operation as another user via a crafted message, aka "Horizontal Privilege Escalation Vulnerability."

Published Aug 28, 2017 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-8022: The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2....

The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AAM 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP AFM and PEM 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; BIG-IP Edge Gateway, WebAccelerator, and WOM 11.x before 11.2.1 HF16 and 11.3.0; and BIG-IP PSM 11.x before 11.2.1 HF16, 11.3.x, and 11.4.x before 11.4.1 HF10 allows remote authenticated users with certain permissions to gain privileges by leveraging an Access Policy Manager customization configuration section that allows file uploads.

Published Aug 19, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2015-7944: The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11....

The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2, when used in SSL mode, allows remote attackers to cause a denial of service (resource consumption) via SSL parameter renegotiation.

Published Aug 18, 2017 · Updated Aug 6, 2024