CVEs from 2015
- Total: 7,323
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 17.8%
- % with KEV: 0.6%
- % with exploit: 0.8%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-8572 | medium | — | 6.8 | 11y ago | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lin… | |
| CVE-2015-8571 | medium | — | 6.8 | 11y ago | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | |
| CVE-2015-8561 | medium | — | 6.8 | 11y ago | The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |
| CVE-2015-7918 | medium | — | 6.8 | 11y ago | Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedNa… | |
| CVE-2015-6399 | medium | — | 6.8 | 11y ago | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted param… | |
| CVE-2015-6378 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | |
| CVE-2015-6405 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. | |
| CVE-2015-6419 | medium | — | 6.8 | 11y ago | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | |
| CVE-2015-6408 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | |
| CVE-2015-7804 | medium | — | 6.8 | 11y ago | Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer derefere… | |
| CVE-2015-7803 | medium | — | 6.8 | 11y ago | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) … | |
| CVE-2015-7107 | medium | — | 6.8 | 11y ago | QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |
| CVE-2015-7105 | medium | — | 6.8 | 11y ago | CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… | |
| CVE-2015-7104 | medium | — | 6.8 | 11y ago | WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |
| CVE-2015-7103 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7102 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7101 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7100 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7099 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7098 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7097 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7096 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7095 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7075 | medium | — | 6.8 | 11y ago | CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt… | |
| CVE-2015-7074 | medium | — | 6.8 | 11y ago | CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed… | |
| CVE-2015-7073 | medium | — | 6.8 | 11y ago | Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cra… | |
| CVE-2015-7066 | medium | — | 6.8 | 11y ago | OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c… | |
| CVE-2015-7065 | medium | — | 6.8 | 11y ago | OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2015-7064 | medium | — | 6.8 | 11y ago | OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c… | |
| CVE-2015-7061 | medium | — | 6.8 | 11y ago | The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |
| CVE-2015-7060 | medium | — | 6.8 | 11y ago | The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |
| CVE-2015-7059 | medium | — | 6.8 | 11y ago | The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |
| CVE-2015-7054 | medium | — | 6.8 | 11y ago | zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remo… | |
| CVE-2015-7053 | medium | — | 6.8 | 11y ago | ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a … | |
| CVE-2015-7048 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |
| CVE-2015-7039 | medium | — | 6.8 | 11y ago | Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vuln… | |
| CVE-2015-7038 | medium | — | 6.8 | 11y ago | Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vuln… | |
| CVE-2015-7001 | medium | — | 6.8 | 11y ago | AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app. | |
| CVE-2015-6170 | medium | — | 6.8 | 11y ago | Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | |
| CVE-2015-6164 | medium | — | 6.8 | 11y ago | Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site… | |
| CVE-2015-8131 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vec… | |
| CVE-2015-8124 | medium | — | 6.8 | 11y ago | Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… | |
| CVE-2015-6780 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c… | |
| CVE-2015-6776 | medium | — | 6.8 | 11y ago | The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possi… | |
| CVE-2015-8365 | medium | — | 6.8 | 11y ago | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels… | |
| CVE-2015-8364 | medium | — | 6.8 | 11y ago | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-o… | |
| CVE-2015-8363 | medium | — | 6.8 | 11y ago | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 im… | |
| CVE-2015-5318 | medium | — | 6.8 | 11y ago | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | |
| CVE-2015-5306 | medium | — | 6.8 | 11y ago | OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by trigge… | |
| CVE-2015-6379 | medium | — | 6.8 | 11y ago | The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML docu… | |
| CVE-2015-5451 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown ve… | |
| CVE-2015-7291 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 all… | |
| CVE-2015-6376 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv… | |
| CVE-2015-7984 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the… | |
| CVE-2015-7942 | medium | — | 6.8 | 11y ago | The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a d… | |
| CVE-2015-5999 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrat… | |
| CVE-2015-6373 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary u… | |
| CVE-2015-6357 | medium | — | 6.8 | 11y ago | The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle at… | |
| CVE-2015-6330 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712. | |
| CVE-2015-8218 | medium | — | 6.8 | 11y ago | The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array a… | |
| CVE-2015-6478 | medium | — | 6.8 | 11y ago | Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site. | |
| CVE-2015-6111 | medium | — | 6.8 | 11y ago | IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated … | |
| CVE-2015-5214 | medium | — | 6.8 | 11y ago | LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary co… | |
| CVE-2015-5213 | medium | — | 6.8 | 11y ago | Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbi… | |
| CVE-2015-5212 | medium | — | 6.8 | 11y ago | Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause… | |
| CVE-2015-8003 | medium | — | 6.8 | 11y ago | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not throttle file uploads, which allows remote authenticated users to have unspecified impact via multiple file uploads. | |
| CVE-2015-8002 | medium | — | 6.8 | 11y ago | The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 allows remote authenticated users to cause a denial of service (disk consumption) via a … | |
| CVE-2015-5731 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php in WordPress before 4.2.4 allows remote attackers to hijack the authentication of administrators for requests that lock a post, an… | |
| CVE-2015-1997 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for req… | |
| CVE-2015-7809 | medium | — | 6.8 | 11y ago | Twig remote code execution in templates | |
| CVE-2015-7696 | medium | — | 6.8 | 11y ago | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP arc… | |
| CVE-2015-7196 | medium | — | 6.8 | 11y ago | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) o… | |
| CVE-2015-7189 | medium | — | 6.8 | 11y ago | Race condition in the JPEGEncoder function in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based b… | |
| CVE-2015-7650 | medium | — | 6.8 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |
| CVE-2015-2902 | medium | — | 6.8 | 11y ago | HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 certificates from Logger devices, which allows man-in-the-middle attackers to spoof devices and obtain sensitive information via a crafted… | |
| CVE-2015-8040 | medium | — | 6.8 | 11y ago | The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | |
| CVE-2015-8039 | medium | — | 6.8 | 11y ago | Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConf… | |
| CVE-2015-8036 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbi… | |
| CVE-2015-6031 | medium | — | 6.8 | 11y ago | Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) … | |
| CVE-2015-5534 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maint… | |
| CVE-2015-5291 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client c… | |
| CVE-2015-8030 | medium | — | 6.8 | 11y ago | SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted (1) U3D, (2) LWO, (3) JPEG2000, or (4) FBX file, aka "Out-Of-Bounds Indexing" vulnerabilities. | |
| CVE-2015-8029 | medium | — | 6.8 | 11y ago | SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to execute arbitrary code via a crafted Filmbox document, which triggers memory corruption. | |
| CVE-2015-8028 | medium | — | 6.8 | 11y ago | Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) allow remote attackers to execute arbitrary code via a crafted (1) 3DM or (2) Flic Animation file. | |
| CVE-2015-5292 | medium | — | 6.8 | 11y ago | Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 allows remote authenticated users to cause … | |
| CVE-2015-4997 | medium | — | 6.8 | 11y ago | IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to bypass intended access restrictions via a crafted request. | |
| CVE-2015-2901 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in Medicomp MEDCIN Engine 2.22.20142.166 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the GetProperty… | |
| CVE-2015-2900 | medium | — | 6.8 | 11y ago | The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine before 2.22.20153.226 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified ot… | |
| CVE-2015-2899 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the QualifierList retrieve_qualifier_list function in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a long list… | |
| CVE-2015-2898 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before 2.22.20153.226 might allow remote attackers to execute arbitrary code via a crafted packet on port 8190, related to (1) the SetG… | |
| CVE-2015-6493 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to hijack the authentication of unspe… | |
| CVE-2015-3967 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, 509, 511, 604, and 605 devices allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-5188 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Web Console (web-console) in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) before 2.0.0.C… | |
| CVE-2015-7674 | medium | — | 6.8 | 11y ago | Integer overflow in the pixops_scale_nearest function in pixops/pixops.c in gdk-pixbuf before 2.32.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbi… | |
| CVE-2015-7673 | medium | — | 6.8 | 11y ago | io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its allocation failed, which allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) and po… | |
| CVE-2015-5286 | medium | — | 6.8 | 11y ago | OpenStack Image Service (Glance) allows remote authenticated users to bypass storage quota, cause denial of service | |
| CVE-2015-3280 | medium | — | 6.8 | 11y ago | OpenStack Compute (nova) allows remote authenticated users to cause a denial of service | |
| CVE-2015-7018 | medium | — | 6.8 | 11y ago | FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vuln… | |
| CVE-2015-7015 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the DNS client library in configd in Apple iOS before 9.1, OS X before 10.11.1, and watchOS before 2.0.1 allows attackers to execute arbitrary code via a crafted app tha… | |
| CVE-2015-7014 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and iTunes before 12.3.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applicati… |