CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2624 | medium | — | 6.9 | 11y ago | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availab… | |||
| CVE-2015-2583 | medium | — | 6.9 | 11y ago | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect confidentiality, integrity, and availab… | |||
| CVE-2015-2371 | medium | — | 6.9 | 11y ago | The Windows Installer service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold a… | |||
| CVE-2015-2378 | medium | — | 6.9 | 11y ago | Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel Viewer 2007 SP3, and Office Compatibility Pack SP3 allows local users to gain privileges via a Trojan horse DLL … | |||
| CVE-2015-2369 | medium | — | 6.9 | 11y ago | Untrusted search path vulnerability in Windows Media Device Manager in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users t… | |||
| CVE-2015-2368 | medium | — | 6.9 | 11y ago | Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan … | |||
| CVE-2015-3709 | medium | — | 6.9 | 11y ago | Race condition in kext tools in Apple OS X before 10.10.4 allows local users to bypass intended signature requirements for kernel extensions by leveraging improper pathname validation. | |||
| CVE-2015-4185 | medium | — | 6.9 | 11y ago | The TCL interpreter in Cisco IOS 15.2 does not properly maintain the vty state, which allows local users to gain privileges by starting a session very soon after a TCL script execution, aka Bug ID CS… | |||
| CVE-2015-1758 | medium | — | 6.9 | 11y ago | Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Wi… | |||
| CVE-2015-2666 | medium | — | 6.9 | 11y ago | Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privi… | |||
| CVE-2015-0717 | medium | — | 6.9 | 11y ago | Cisco Unified Communications Manager 10.0(1.10000.12) allows local users to gain privileges via a command string in an unspecified parameter, aka Bug ID CSCut19546. | |||
| CVE-2015-1702 | medium | — | 6.9 | 11y ago | The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, … | |||
| CVE-2015-2234 | medium | — | 6.9 | 11y ago | Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileg… | |||
| CVE-2015-1484 | medium | — | 6.9 | 11y ago | Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 before SP8 MP2 HF7 and 7.5 before SP1 HF4, when AppMgrService.exe is configured as a service, allows … | |||
| CVE-2015-3002 | medium | — | 6.9 | 11y ago | Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D15, and 12.3X48 before 12.3X48-D10 on SRX series devices does not properly enforce the log-out-on-disconn… | |||
| CVE-2015-1117 | medium | — | 6.9 | 11y ago | The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 do not properly perform privilege drops, which … | |||
| CVE-2015-1101 | medium | — | 6.9 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupti… | |||
| CVE-2015-1086 | medium | — | 6.9 | 11y ago | The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly validate IOKit object metadata, which allows attackers to execute arbitrary code in a privileged context … | |||
| CVE-2015-0978 | medium | — | 6.9 | 11y ago | Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Elipse E3 4.5.232 through 4.6.161 allow local us… | |||
| CVE-2015-2264 | medium | — | 6.9 | 11y ago | Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125… | |||
| CVE-2015-1594 | medium | — | 6.9 | 11y ago | Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and … | |||
| CVE-2015-0884 | medium | — | 6.9 | 11y ago | Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse applicat… | |||
| CVE-2015-0833 | medium | — | 6.9 | 11y ago | Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not… | |||
| CVE-2015-0012 | medium | — | 6.9 | 12y ago | Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update Rollup 4 does not properly validate the roles of users, which allows local users to obtain server and virtual-machine administrati… | |||
| CVE-2015-1458 | medium | — | 6.9 | 12y ago | Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privileges by creating /tmp/privexec/dbgcore_enable_shell_access and executing the "shell" command. | |||
| CVE-2015-0421 | medium | — | 6.9 | 12y ago | Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. | |||
| CVE-2015-0403 | medium | — | 6.9 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |||
| CVE-2015-3241 | medium | — | 6.8 | 4y ago | OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and earlier does not stop the migration process when the instance is deleted, which allows remote authenticated users to cause a denial of … | |||
| CVE-2015-4100 | medium | 6.8 | 6.8 | 9y ago | Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated users to manage certificates for arbitrary nodes by leveraging a client certificate trusted by the master, aka a "Certificate Author… | |||
| CVE-2015-6592 | medium | 6.8 | 6.8 | 9y ago | Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | |||
| CVE-2015-7317 | medium | 6.8 | 6.8 | 9y ago | Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, and 4.2.0 through 4.2.7 allows remote authenticated users to edit Kupu settings. | |||
| CVE-2015-1878 | medium | 6.8 | 6.8 | 9y ago | Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows physically proximate attackers to sign arbitrary data with previously loaded signing keys, extract t… | |||
| CVE-2015-4049 | medium | 6.8 | 6.8 | 9y ago | Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or syst… | |||
| CVE-2015-8816 | medium | 6.8 | 6.8 | 10y ago | The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a … | |||
| CVE-2015-5332 | medium | 6.8 | 6.8 | 10y ago | Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote attackers to cause a denial of service (disk consumption) by leveraging the guest role and entering drafts with the editor-autos… | |||
| CVE-2015-5266 | medium | 6.8 | 6.8 | 10y ago | Moodle allows attackers to obtain manager privileges | |||
| CVE-2015-4919 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via … | |||
| CVE-2015-8673 | medium | 6.8 | 6.8 | 11y ago | Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software before V100R001C10SPC100 do not require entry of the old password when changing the password for the Debug acco… | |||
| CVE-2015-1928 | medium | 6.8 | 6.8 | 11y ago | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF11, and 6.x before 6.0.0 IF4; Rational Quality Manager (R… | |||
| CVE-2015-7441 | medium | 6.8 | 6.8 | 11y ago | Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 … | |||
| CVE-2015-5994 | medium | 6.8 | 6.8 | 11y ago | The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the media… | |||
| CVE-2015-8262 | medium | 6.8 | 6.8 | 11y ago | Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof r… | |||
| CVE-2015-8373 | medium | 6.8 | 6.8 | 11y ago | The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, when certain debugging settings are used, allow remote attackers to cause a denial of service (daemon crash) via a malformed packe… | |||
| CVE-2015-8458 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Rea… | |||
| CVE-2015-8580 | medium | — | 6.8 | 11y ago | Multiple use-after-free vulnerabilities in the (1) Print method and (2) App object handling in Foxit Reader before 7.2.2 and Foxit PhantomPDF before 7.2.2 allow remote attackers to execute arbitrary … | |||
| CVE-2015-8563 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the com_templates component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows remote attackers to hijack the authentication of unspecifie… | |||
| CVE-2015-7222 | medium | — | 6.8 | 11y ago | Integer underflow in the Metadata::setData function in MetaData.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code… | |||
| CVE-2015-7216 | medium | — | 6.8 | 11y ago | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the JasPer decoder, which allows remote attackers to cause a denial of service or possibly hav… | |||
| CVE-2015-7213 | medium | — | 6.8 | 11y ago | Integer overflow in the MPEG4Extractor::readMetaData function in MPEG4Extractor.cpp in libstagefright in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 on 64-bit platforms allows remote… | |||
| CVE-2015-7204 | medium | — | 6.8 | 11y ago | Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments. | |||
| CVE-2015-8572 | medium | — | 6.8 | 11y ago | Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 Hotfix 2 allow remote attackers to execute arbitrary code via crafted RLE data in a (1) BMP or (2) FLI file, (3) encoded scan lin… | |||
| CVE-2015-8571 | medium | — | 6.8 | 11y ago | Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 allows remote attackers to execute arbitrary code via a crafted biClrUsed value in a BMP file, which triggers a buffer overflow. | |||
| CVE-2015-8561 | medium | — | 6.8 | 11y ago | The F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |||
| CVE-2015-7918 | medium | — | 6.8 | 11y ago | Multiple buffer overflows in the F1BookView ActiveX control in F1 Bookview in Schneider Electric ProClima before 6.2 allow remote attackers to execute arbitrary code via the (1) Attach, (2) DefinedNa… | |||
| CVE-2015-6399 | medium | — | 6.8 | 11y ago | The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management Controller (IMC) before 2.0(9) allows remote authenticated users to cause a denial of service (IP interface outage) via crafted param… | |||
| CVE-2015-6378 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 devices with EDVA 5.5.2 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv05943. | |||
| CVE-2015-6405 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Emergency Responder 10.5(1) and 10.5(1a) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuv26501. | |||
| CVE-2015-6419 | medium | — | 6.8 | 11y ago | Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, 5.3.1, and 5.4.0 allows remote authenticated users to read arbitrary files via a crafted GET request, aka Bug ID CSCur25410. | |||
| CVE-2015-6408 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unity Connection 11.5(0.98) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCux24578. | |||
| CVE-2015-7804 | medium | — | 6.8 | 11y ago | Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (uninitialized pointer derefere… | |||
| CVE-2015-7803 | medium | — | 6.8 | 11y ago | The phar_get_entry_data function in ext/phar/util.c in PHP before 5.5.30 and 5.6.x before 5.6.14 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) … | |||
| CVE-2015-7107 | medium | — | 6.8 | 11y ago | QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |||
| CVE-2015-7105 | medium | — | 6.8 | 11y ago | CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… | |||
| CVE-2015-7104 | medium | — | 6.8 | 11y ago | WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site. | |||
| CVE-2015-7103 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7102 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7101 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7100 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7099 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7098 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7097 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7096 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7095 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7075 | medium | — | 6.8 | 11y ago | CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupt… | |||
| CVE-2015-7074 | medium | — | 6.8 | 11y ago | CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed… | |||
| CVE-2015-7073 | medium | — | 6.8 | 11y ago | Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application cra… | |||
| CVE-2015-7066 | medium | — | 6.8 | 11y ago | OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c… | |||
| CVE-2015-7065 | medium | — | 6.8 | 11y ago | OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-7064 | medium | — | 6.8 | 11y ago | OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c… | |||
| CVE-2015-7061 | medium | — | 6.8 | 11y ago | The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |||
| CVE-2015-7060 | medium | — | 6.8 | 11y ago | The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |||
| CVE-2015-7059 | medium | — | 6.8 | 11y ago | The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafte… | |||
| CVE-2015-7054 | medium | — | 6.8 | 11y ago | zlib in the Compression component in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not initialize memory for an unspecified data structure, which allows remo… | |||
| CVE-2015-7053 | medium | — | 6.8 | 11y ago | ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a … | |||
| CVE-2015-7048 | medium | — | 6.8 | 11y ago | WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before 9.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a… | |||
| CVE-2015-7038 | medium | — | 6.8 | 11y ago | Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows remote attackers to execute arbitrary code via a crafted package, a different vuln… | |||
| CVE-2015-7001 | medium | — | 6.8 | 11y ago | AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 mishandles hard links, which allows attackers to bypass Contacts access revocation via a crafted app. | |||
| CVE-2015-6170 | medium | — | 6.8 | 11y ago | Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | |||
| CVE-2015-6164 | medium | — | 6.8 | 11y ago | Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web site… | |||
| CVE-2015-8131 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Elasticsearch Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vec… | |||
| CVE-2015-8124 | medium | — | 6.8 | 11y ago | Session fixation vulnerability in the "Remember Me" login feature in Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 allows remote attackers to hijack web sessions via a sess… | |||
| CVE-2015-6780 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in the Infobars implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c… | |||
| CVE-2015-6776 | medium | — | 6.8 | 11y ago | The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in PDFium in Google Chrome before 47.0.2526.73, allow remote attackers to cause a denial of service (out-of-bounds array access) or possi… | |||
| CVE-2015-8365 | medium | — | 6.8 | 11y ago | The smka_decode_frame function in libavcodec/smacker.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not verify that the data size is consistent with the number of channels… | |||
| CVE-2015-8364 | medium | — | 6.8 | 11y ago | Integer overflow in the ff_ivi_init_planes function in libavcodec/ivi.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 allows remote attackers to cause a denial of service (out-o… | |||
| CVE-2015-8363 | medium | — | 6.8 | 11y ago | The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in FFmpeg before 2.6.5, 2.7.x before 2.7.3, and 2.8.x through 2.8.2 does not enforce uniqueness of the SIZ marker in a JPEG 2000 im… | |||
| CVE-2015-5318 | medium | — | 6.8 | 11y ago | Jenkins Vulnerable to Cross-Site Request Forgery (CSRF) Attack | |||
| CVE-2015-5306 | medium | — | 6.8 | 11y ago | OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), when debug mode is enabled, might allow remote attackers to access the Flask console and execute arbitrary Python code by trigge… | |||
| CVE-2015-6379 | medium | — | 6.8 | 11y ago | The XML parser in the management interface in Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote authenticated users to cause a denial of service (device crash) via a crafted XML docu… | |||
| CVE-2015-5451 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in HP Operations Orchestration Central 10.x before 10.22.001 allows remote attackers to hijack the authentication of unspecified victims via unknown ve… |