CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3736 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-3735 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-3734 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-3733 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-3732 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-3731 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-3730 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corru… | |||
| CVE-2015-4491 | medium | — | 6.8 | 11y ago | Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on L… | |||
| CVE-2015-3283 | medium | — | 6.8 | 11y ago | OpenAFS before 1.6.13 allows remote attackers to spoof bos commands via unspecified vectors. | |||
| CVE-2015-5522 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an hre… | |||
| CVE-2015-3228 | medium | — | 6.8 | 11y ago | Integer overflow in the gs_heap_alloc_bytes function in base/gsmalloc.c in Ghostscript 9.15 and earlier allows remote attackers to cause a denial of service (crash) via a crafted Postscript (ps) file… | |||
| CVE-2015-2980 | medium | — | 6.8 | 11y ago | The Yodobashi application 1.2.1.0 and earlier for Android allows remote attackers to execute arbitrary Java methods, and consequently obtain sensitive information or execute OS commands, via a crafte… | |||
| CVE-2015-1872 | medium | — | 6.8 | 11y ago | The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate the number of components in a JPEG-LS Start Of Frame segment, which allows remote attackers to cause… | |||
| CVE-2015-2848 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo Touch before 5.2.19.0_VA allows remote attackers to hijack the authentication of arbitrary users for requests associated with home-… | |||
| CVE-2015-1288 | medium | — | 6.8 | 11y ago | The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorre… | |||
| CVE-2015-1283 | medium | — | 6.8 | 11y ago | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (… | |||
| CVE-2015-1282 | medium | — | 6.8 | 11y ago | Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allow remote attackers to cause a denial of service or possibly… | |||
| CVE-2015-1274 | medium | — | 6.8 | 11y ago | Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file types, which makes it easier for remote attackers to execute arbitrary code by providing a crafted f… | |||
| CVE-2015-1273 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified… | |||
| CVE-2015-1271 | medium | — | 6.8 | 11y ago | PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory conditions, which allows remote attackers to cause a denial of service (heap-based buffer overflow… | |||
| CVE-2015-1270 | medium | — | 6.8 | 11y ago | The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- sub… | |||
| CVE-2015-4281 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.5 MR1 allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCus56150 and CSCus56146. | |||
| CVE-2015-4111 | medium | — | 6.8 | 11y ago | mc_demux_mp4_ds.ax in an unspecified third-party codec demux in BlackBerry Link before 1.2.3.53 with installer before 1.1.0.22 allows remote attackers to execute arbitrary code via a crafted MP4 file. | |||
| CVE-2015-0157 | medium | — | 6.8 | 11y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) by leveragin… | |||
| CVE-2015-0795 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in the SafeShellExecute method in the NetIQExecObject.NetIQExec.1 ActiveX control in NetIQExec.dll in NetIQ Security Solutions for iSeries 8.1 allow remote attac… | |||
| CVE-2015-4274 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified Intelligence Center 10.0(1) and 10.6(1) allows remote attackers to hijack the authentication of arbitrary users, … | |||
| CVE-2015-3259 | medium | — | 6.8 | 11y ago | Stack-based buffer overflow in the xl command line utility in Xen 4.1.x through 4.5.x allows local guest administrators to gain privileges via a long configuration argument. | |||
| CVE-2015-4759 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-4758 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-4747 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via… | |||
| CVE-2015-2635 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-2634 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-0446 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-0445 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-0444 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-0443 | medium | — | 6.8 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-4267 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2(0.793), 1.3(0.876), 1.4(0.109), 2.0(0.147), and 2.0(0.169) allows remote attackers to … | |||
| CVE-2015-5113 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-5111 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-5110 | medium | — | 6.8 | 11y ago | Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Con… | |||
| CVE-2015-5109 | medium | — | 6.8 | 11y ago | Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous bef… | |||
| CVE-2015-5106 | medium | — | 6.8 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-5086 | medium | — | 6.8 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-5085 | medium | — | 6.8 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-4441 | medium | — | 6.8 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-1927 | medium | — | 6.8 | 11y ago | The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServ… | |||
| CVE-2015-5397 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack the authentication of unspecified victims for requests that upl… | |||
| CVE-2015-4254 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Advanced Media Gateway devices with software 1.1(1.40) allows remote attackers to hijack the authentication of arbitrary users, a… | |||
| CVE-2015-4258 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MSE 8000 devices allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu90444. | |||
| CVE-2015-4257 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence MCU 4500 devices with software 4.5(1.55) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCu… | |||
| CVE-2015-4256 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with software 3.0(1.27) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuu9… | |||
| CVE-2015-4255 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP Gateway devices with software 2.0(3.34) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CS… | |||
| CVE-2015-4253 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence Serial Gateway devices with software 1.0(1.42) allows remote attackers to hijack the authentication of arbitrary users, aka Bug I… | |||
| CVE-2015-4252 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ISDN Gateway devices with software 2.2(1.106) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID… | |||
| CVE-2015-5458 | medium | — | 6.8 | 11y ago | Session fixation vulnerability in fileupload.php in PivotX before 2.3.11 allows remote attackers to hijack web sessions via the sess parameter. | |||
| CVE-2015-4242 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT System Software 5.4.1.2 and 6.0.0 in FireSIGHT Management Center allows remote attackers to hijack the authentication of arbitrary u… | |||
| CVE-2015-4647 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePass… | |||
| CVE-2015-2727 | medium | — | 6.8 | 11y ago | Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is acces… | |||
| CVE-2015-3727 | medium | — | 6.8 | 11y ago | WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly restrict rename operations on WebSQL tables, which a… | |||
| CVE-2015-3724 | medium | — | 6.8 | 11y ago | CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulner… | |||
| CVE-2015-3723 | medium | — | 6.8 | 11y ago | CoreGraphics in Apple iOS before 8.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted ICC profile in a PDF document, a different vulner… | |||
| CVE-2015-3719 | medium | — | 6.8 | 11y ago | TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file… | |||
| CVE-2015-3718 | medium | — | 6.8 | 11y ago | systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary c… | |||
| CVE-2015-3715 | medium | — | 6.8 | 11y ago | The code-signing implementation in Apple OS X before 10.10.4 does not properly consider libraries that are external to an application bundle, which allows attackers to bypass intended launch restrict… | |||
| CVE-2015-3713 | medium | — | 6.8 | 11y ago | QuickTime in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted movie file. | |||
| CVE-2015-3703 | medium | — | 6.8 | 11y ago | ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image. | |||
| CVE-2015-3694 | medium | — | 6.8 | 11y ago | FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vuln… | |||
| CVE-2015-3692 | medium | — | 6.8 | 11y ago | Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and other products, does not enforce a locking protection mechanism upon being woken from sleep, which allows local users to conduct EFI … | |||
| CVE-2015-3689 | medium | — | 6.8 | 11y ago | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulner… | |||
| CVE-2015-3688 | medium | — | 6.8 | 11y ago | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulner… | |||
| CVE-2015-3687 | medium | — | 6.8 | 11y ago | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulner… | |||
| CVE-2015-3686 | medium | — | 6.8 | 11y ago | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulner… | |||
| CVE-2015-3685 | medium | — | 6.8 | 11y ago | CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file, a different vulner… | |||
| CVE-2015-3684 | medium | — | 6.8 | 11y ago | The HTTPAuthentication implementation in CFNetwork in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) v… | |||
| CVE-2015-3682 | medium | — | 6.8 | 11y ago | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerab… | |||
| CVE-2015-3681 | medium | — | 6.8 | 11y ago | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerab… | |||
| CVE-2015-3680 | medium | — | 6.8 | 11y ago | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerab… | |||
| CVE-2015-3679 | medium | — | 6.8 | 11y ago | Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file, a different vulnerab… | |||
| CVE-2015-3669 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability th… | |||
| CVE-2015-3668 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… | |||
| CVE-2015-3667 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… | |||
| CVE-2015-3666 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… | |||
| CVE-2015-3665 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability th… | |||
| CVE-2015-3664 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file, a different vulnerability th… | |||
| CVE-2015-3663 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… | |||
| CVE-2015-3662 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… | |||
| CVE-2015-3661 | medium | — | 6.8 | 11y ago | QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X before 10.10.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corrupti… | |||
| CVE-2015-3659 | medium | — | 6.8 | 11y ago | The SQLite authorizer in the Storage functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properl… | |||
| CVE-2015-3658 | medium | — | 6.8 | 11y ago | The Page Loading functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7, as used in Apple iOS before 8.4 and other products, does not properly consider redirects… | |||
| CVE-2015-4238 | medium | — | 6.8 | 11y ago | The SNMP implementation in Cisco Adaptive Security Appliance (ASA) Software 8.4(7) and 8.6(1.2) allows remote authenticated users to cause a denial of service (device reload) by sending many SNMP req… | |||
| CVE-2015-5354 | medium | — | 6.8 | 11y ago | Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter to admin/nos/l… | |||
| CVE-2015-4588 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the DecodeImage function in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted "run-length coun… | |||
| CVE-2015-1330 | medium | — | 6.8 | 11y ago | unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold or (2) force-confnew dpkg options are enabled in the DPkg::Options::* apt configuration, which all… | |||
| CVE-2015-0848 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted BMP image. | |||
| CVE-2015-1485 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authenti… | |||
| CVE-2015-1851 | medium | — | 6.8 | 11y ago | OpenStack Cinder file disclosure in image convert | |||
| CVE-2015-2308 | medium | — | 6.8 | 11y ago | Eval injection vulnerability in the HttpCache class in HttpKernel in Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before 2.6.6 allows remote attackers to execute arbitrary PHP … | |||
| CVE-2015-4586 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL with firmware 1.0.0.20h.HOL allows remote attackers to hijack the authentication of administrators for… | |||
| CVE-2015-4189 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Data Center Analytics Framework (DCAF) 1.4 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun26807. | |||
| CVE-2015-4204 | medium | — | 6.8 | 11y ago | Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) module on uBR10000 devices allows remote authenticated users to cause a denial of service (memory consumption or PXF process cras… |