CVEs from 2015
Total
7,313
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
17.9%
% with KEV
0.6%
% with exploit
0.8%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-7678 | high | 8.8 | 8.8 | 10y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vecto… | |
| CVE-2015-7538 | high | 8.8 | 8.8 | 11y ago | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | |
| CVE-2015-7537 | high | 8.8 | 8.8 | 11y ago | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | |
| CVE-2015-8379 | high | 8.8 | 8.8 | 11y ago | CakePHP might allow remote attackers to bypass CSRF protection mechanism via the _method parameter | |
| CVE-2015-5007 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 8 allows remote authenticated users to hijack the authenticat… | |
| CVE-2015-3946 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess before 8.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |
| CVE-2015-7465 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to hijack t… | |
| CVE-2015-5445 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to hijack the authentication of unspecified victims via unknown … | |
| CVE-2015-7407 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in IBM Mashup Center 3.0.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequ… | |
| CVE-2015-2023 | high | 8.8 | 8.8 | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to gain privileges via unspecified vectors. | |
| CVE-2015-5990 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-7281 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD devices with firmware 1.0.26 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-7278 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-5996 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-2912 | high | 8.8 | 8.8 | 11y ago | OrientDB-Server vulnerable to Cross-Site Request Forgery | |
| CVE-2015-2876 | high | 8.8 | 8.8 | 11y ago | Unrestricted file upload vulnerability on Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 allows… | |
| CVE-2015-8650 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8649 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8648 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8647 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8646 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8645 | high | 8.8 | 8.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |
| CVE-2015-8644 | high | 8.8 | 8.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |
| CVE-2015-8643 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8642 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8641 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8640 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8639 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8638 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8636 | high | 8.8 | 8.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |
| CVE-2015-8635 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8634 | high | 8.8 | 8.8 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR S… | |
| CVE-2015-8460 | high | 8.8 | 8.8 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |
| CVE-2015-8664 | high | 8.8 | 8.8 | 11y ago | Integer overflow in the WebCursor::Deserialize function in content/common/cursors/webcursor.cc in Google Chrome before 47.0.2526.106 allows remote attackers to cause a denial of service or possibly h… | |
| CVE-2015-7924 | high | 8.8 | 8.8 | 11y ago | eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveragi… | |
| CVE-2015-8968 | high | 8.8 | 8.8 | 11y ago | git-fastclone permits arbitrary shell command execution from .gitmodules | |
| CVE-2015-6984 | high | — | 8.8 | 11y ago | libarchive in Apple OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that conducts an unspecified symlink attack. | |
| CVE-2015-6983 | high | — | 8.8 | 11y ago | Double free vulnerability in Apple iOS before 9.1 and OS X before 10.11.1 allows attackers to write to arbitrary files via a crafted app that accesses AtomicBufferedFile descriptors. | |
| CVE-2015-3708 | high | — | 8.8 | 11y ago | kextd in kext tools in Apple OS X before 10.10.4 allows attackers to write to arbitrary files via a crafted app that conducts a symlink attack. | |
| CVE-2015-4619 | high | 8.8 | 8.8 | 11y ago | Spina gem vulnerable to Cross-site request forgery (CSRF) vulnerability | |
| CVE-2015-0970 | high | 8.8 | 8.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in SearchBlox before 8.2 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-0973 | high | 8.8 | 8.8 | 12y ago | Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a larg… | |
| CVE-2015-7931 | high | 8.7 | 8.7 | 11y ago | The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station does not authenticate the station device, which allows man-in-the-middle attackers to spoof devices and obtain sensitive informa… | |
| CVE-2015-2120 | high | — | 8.7 | 11y ago | Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-… | |
| CVE-2015-8555 | high | 8.6 | 8.6 | 10y ago | Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU stack and XMM registers when XSAVE/XRSTOR are not used to manage guest extended register state, which allows local guest domains … | |
| CVE-2015-8702 | high | 8.6 | 8.6 | 10y ago | The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 allows remote DNS servers to cause a denial of service (netsplit) via an invalid character in a PTR response, as demonstrated by a "\0… | |
| CVE-2015-8616 | high | 8.6 | 8.6 | 11y ago | Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application … | |
| CVE-2015-4988 | high | 8.6 | 8.6 | 11y ago | Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9… | |
| CVE-2015-8279 | high | 8.6 | 8.6 | 11y ago | Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | |
| CVE-2015-1779 | high | 8.6 | 8.6 | 11y ago | The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section. | |
| CVE-2015-4694 | high | 8.6 | 8.6 | 11y ago | Directory traversal vulnerability in download.php in the Zip Attachments plugin before 1.5.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the za_file parameter. | |
| CVE-2015-5259 | high | 8.6 | 8.6 | 11y ago | Integer overflow in the read_string function in libsvn_ra_svn/marshal.c in Apache Subversion 1.9.x before 1.9.3 allows remote attackers to execute arbitrary code via an svn:// protocol string, which … | |
| CVE-2015-5987 | high | 8.6 | 8.6 | 11y ago | Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by pred… | |
| CVE-2015-8263 | high | 8.6 | 8.6 | 11y ago | NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source port number for every DNS query, which makes it easier for remote attackers to spoof responses by selecting that number for the de… | |
| CVE-2015-7934 | high | 8.6 | 8.6 | 11y ago | The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. | |
| CVE-2015-7932 | high | 8.6 | 8.6 | 11y ago | Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to obtain sensitive information by sniffing the network. | |
| CVE-2015-7907 | high | 8.6 | 8.6 | 11y ago | Directory traversal vulnerability in the web server on Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allows remote attackers to bypass authentication, and wr… | |
| CVE-2015-5003 | high | 8.5 | 8.5 | 11y ago | The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 before FP7 allows remote authenticated users to execute arbitrary commands by leveraging Take Action view aut… | |
| CVE-2015-7429 | high | 8.5 | 8.5 | 11y ago | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.4 and… | |
| CVE-2015-6019 | high | 8.5 | 8.5 | 11y ago | The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not terminate sessions upon a logout action, which allows remote attackers to bypass intended access restrictions by… | |
| CVE-2015-7928 | high | 8.5 | 8.5 | 11y ago | eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workst… | |
| CVE-2015-6848 | high | — | 8.5 | 11y ago | EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and 7.2.1.x before 7.2.1.1, when the RFC 2307 feature is configured but SFU is not universally present, allows remote authenticated AD u… | |
| CVE-2015-8227 | high | — | 8.5 | 11y ago | The built-in web server in Huawei VP9660 multi-point control unit with software before V200R001C30SPC700 allows remote administrators to obtain sensitive information or cause a denial of service via … | |
| CVE-2015-2698 | high | — | 8.5 | 11y ago | The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticate… | |
| CVE-2015-6555 | high | — | 8.5 | 11y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port. | |
| CVE-2015-5005 | high | — | 8.5 | 11y ago | CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an "su root" action by leveraging presence on the cluster-wide password-change list. | |
| CVE-2015-5647 | high | — | 8.5 | 11y ago | The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-866. | |
| CVE-2015-5646 | high | — | 8.5 | 11y ago | Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote authenticated users to execute arbitrary PHP code via unspecified vectors, aka CyVDB-863 and CyVDB-867. | |
| CVE-2015-1536 | high | — | 8.5 | 11y ago | Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in Android before 5.1.1 LMY48I allows attackers to cause a denial of service (system_server crash) or … | |
| CVE-2015-5690 | high | — | 8.5 | 11y ago | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to bypass intended access restrictions and execute arbitrary… | |
| CVE-2015-4306 | high | — | 8.5 | 11y ago | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended login-session read restrictions, and impersonate administrators of … | |
| CVE-2015-6464 | high | — | 8.5 | 11y ago | The administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to bypass a read-only protection mechanism by using Firefox with a w… | |
| CVE-2015-5190 | high | — | 8.5 | 11y ago | The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated users to execute arbitrary commands via "escape characters" in a URL. | |
| CVE-2015-5222 | high | — | 8.5 | 11y ago | Red Hat OpenShift Enterprise 3.0.0.0 does not properly check permissions, which allows remote authenticated users with build permissions to execute arbitrary shell commands with root permissions on a… | |
| CVE-2015-1492 | high | — | 8.5 | 11y ago | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-RU6-MP1 allows local users to gain privileges via a Trojan horse DLL in a client install package. | |
| CVE-2015-1489 | high | — | 8.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors. | |
| CVE-2015-1763 | high | — | 8.5 | 11y ago | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remo… | |
| CVE-2015-0550 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intende… | |
| CVE-2015-2996 | high | — | 8.5 | 11y ago | Multiple directory traversal vulnerabilities in SysAid Help Desk before 15.2 allow remote attackers to (1) read arbitrary files via a .. (dot dot) in the fileName parameter to getGfiUpgradeFile or (2… | |
| CVE-2015-4004 | high | — | 8.5 | 11y ago | The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or caus… | |
| CVE-2015-1882 | high | — | 8.5 | 11y ago | Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in… | |
| CVE-2015-1804 | high | — | 8.5 | 11y ago | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticate… | |
| CVE-2015-1803 | high | — | 8.5 | 11y ago | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated u… | |
| CVE-2015-1802 | high | — | 8.5 | 11y ago | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash)… | |
| CVE-2015-1499 | high | — | 8.5 | 11y ago | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | |
| CVE-2015-0307 | high | — | 8.5 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |
| CVE-2015-7551 | high | 8.4 | 8.4 | 10y ago | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles … | |
| CVE-2015-6566 | high | 8.4 | 8.4 | 11y ago | zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |
| CVE-2015-8612 | high | 8.4 | 8.4 | 11y ago | The EnableNetwork method in the Network class in plugins/mechanism/Network.py in Blueman before 2.0.3 allows local users to gain privileges via the dhcp_handler argument. | |
| CVE-2015-6862 | high | 8.4 | 8.4 | 11y ago | HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | |
| CVE-2015-6860 | high | 8.4 | 8.4 | 11y ago | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | |
| CVE-2015-7430 | high | 8.4 | 8.4 | 11y ago | The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif… | |
| CVE-2015-6850 | high | 8.4 | 8.4 | 11y ago | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |
| CVE-2015-8973 | high | 8.3 | 8.3 | 9y ago | xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to… | |
| CVE-2015-7521 | high | 8.3 | 8.3 | 11y ago | High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |
| CVE-2015-8765 | high | 8.3 | 8.3 | 11y ago | Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a craft… | |
| CVE-2015-8663 | high | 8.3 | 8.3 | 11y ago | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds ar… | |
| CVE-2015-8661 | high | 8.3 | 8.3 | 11y ago | The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote at… | |
| CVE-2015-6481 | high | 8.3 | 8.3 | 11y ago | The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login se… | |
| CVE-2015-6480 | high | 8.3 | 8.3 | 11y ago | The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrate… |