CVEs from 2015
- Total: 7,266
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7304 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | |||
| CVE-2015-5907 | low | — | 2.6 | 11y ago | WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | |||
| CVE-2015-7232 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to i… | |||
| CVE-2015-6921 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inje… | |||
| CVE-2015-2987 | low | — | 2.6 | 11y ago | Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smal… | |||
| CVE-2015-5514 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary w… | |||
| CVE-2015-2476 | low | — | 2.6 | 11y ago | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL … | |||
| CVE-2015-4744 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, … | |||
| CVE-2015-2627 | low | — | 2.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation. | |||
| CVE-2015-2625 | low | — | 2.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. | |||
| CVE-2015-4388 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows… | |||
| CVE-2015-4387 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy tha… | |||
| CVE-2015-4346 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web … | |||
| CVE-2015-4171 | low | — | 2.6 | 11y ago | strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication rest… | |||
| CVE-2015-3455 | low | — | 2.6 | 11y ago | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.50… | |||
| CVE-2015-0504 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Er… | |||
| CVE-2015-1648 | low | — | 2.6 | 11y ago | ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-… | |||
| CVE-2015-1787 | low | — | 2.6 | 11y ago | The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to c… | |||
| CVE-2015-0820 | low | — | 2.6 | 11y ago | Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sa… | |||
| CVE-2015-2047 | low | — | 2.6 | 11y ago | The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authenti… | |||
| CVE-2015-7755 | unknown | — | 2.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |||
| CVE-2015-2291 | unknown | — | 2.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |||
| CVE-2015-0016 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |||
| CVE-2015-4495 | unknown | — | 2.5 | 4y ago | Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |||
| CVE-2015-1427 | unknown | — | 2.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |||
| CVE-2015-5122 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-3113 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0311 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0313 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-2426 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |||
| CVE-2015-2419 | unknown | — | 2.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-3035 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||
| CVE-2015-1187 | unknown | — | 2.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution. | |||
| CVE-2015-1701 | unknown | — | 2.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |||
| CVE-2015-3043 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-5119 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-7645 | unknown | — | 2.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2015-1635 | unknown | — | 2.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |||
| CVE-2015-1130 | unknown | — | 2.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |||
| CVE-2015-2051 | unknown | — | 2.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||
| CVE-2015-7450 | unknown | — | 2.5 | 4y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands. | |||
| CVE-2015-4852 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution. | |||
| CVE-2015-7473 | low | 2.5 | 2.5 | 10y ago | runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | |||
| CVE-2015-5313 | low | 2.5 | 2.5 | 10y ago | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows l… | |||
| CVE-2015-7436 | low | 2.5 | 2.5 | 11y ago | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos… | |||
| CVE-2015-7435 | low | 2.5 | 2.5 | 11y ago | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos… | |||
| CVE-2015-4878 | low | — | 2.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-4877 | low | — | 2.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-0493 | low | — | 2.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-0474 | low | — | 2.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-8569 | low | 2.3 | 2.3 | 11y ago | The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information … | |||
| CVE-2015-7885 | low | 2.3 | 2.3 | 11y ago | The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive informa… | |||
| CVE-2015-7884 | low | 2.3 | 2.3 | 11y ago | The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive … | |||
| CVE-2015-6556 | low | — | 2.3 | 11y ago | EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | |||
| CVE-2015-4053 | low | — | 2.1 | 4y ago | The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |||
| CVE-2015-4922 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot. | |||
| CVE-2015-4920 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Service. | |||
| CVE-2015-6414 | low | — | 2.1 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protecti… | |||
| CVE-2015-7080 | low | — | 2.1 | 11y ago | Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a devic… | |||
| CVE-2015-7067 | low | — | 2.1 | 11y ago | IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. | |||
| CVE-2015-8482 | low | — | 2.1 | 11y ago | Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disabl… | |||
| CVE-2015-5006 | low | — | 2.1 | 11y ago | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attacke… | |||
| CVE-2015-6375 | low | — | 2.1 | 11y ago | The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | |||
| CVE-2015-6847 | low | — | 2.1 | 11y ago | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… | |||
| CVE-2015-7872 | low | — | 2.1 | 11y ago | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | |||
| CVE-2015-6113 | low | — | 2.1 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6109 | low | — | 2.1 | 11y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driv… | |||
| CVE-2015-8025 | low | — | 2.1 | 11y ago | driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. | |||
| CVE-2015-8100 | low | — | 2.1 | 11y ago | The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. | |||
| CVE-2015-5218 | low | — | 2.1 | 11y ago | Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. | |||
| CVE-2015-4940 | low | — | 2.1 | 11y ago | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information… | |||
| CVE-2015-1996 | low | — | 2.1 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information … | |||
| CVE-2015-7972 | low | — | 2.1 | 11y ago | The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size whe… | |||
| CVE-2015-7971 | low | — | 2.1 | 11y ago | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence o… | |||
| CVE-2015-7813 | low | — | 2.1 | 11y ago | Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) … | |||
| CVE-2015-3218 | low | — | 2.1 | 11y ago | The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer derefer… | |||
| CVE-2015-5448 | low | — | 2.1 | 11y ago | HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-4981 | low | — | 2.1 | 11y ago | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory v… | |||
| CVE-2015-1005 | low | — | 2.1 | 11y ago | IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vect… | |||
| CVE-2015-6987 | low | — | 2.1 | 11y ago | The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | |||
| CVE-2015-7000 | low | — | 2.1 | 11y ago | Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phon… | |||
| CVE-2015-4910 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | |||
| CVE-2015-4865 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors … | |||
| CVE-2015-4824 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Secu… | |||
| CVE-2015-4813 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users … | |||
| CVE-2015-4801 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones. | |||
| CVE-2015-6252 | low | — | 2.1 | 11y ago | The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that trig… | |||
| CVE-2015-5742 | low | — | 2.1 | 11y ago | VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive… | |||
| CVE-2015-7368 | low | — | 2.1 | 11y ago | Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cac… | |||
| CVE-2015-5923 | low | — | 2.1 | 11y ago | Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | |||
| CVE-2015-5901 | low | — | 2.1 | 11y ago | The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstr… | |||
| CVE-2015-5893 | low | — | 2.1 | 11y ago | SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||
| CVE-2015-5878 | low | — | 2.1 | 11y ago | Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5875 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |||
| CVE-2015-5870 | low | — | 2.1 | 11y ago | The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |||
| CVE-2015-5864 | low | — | 2.1 | 11y ago | IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |||
| CVE-2015-5854 | low | — | 2.1 | 11y ago | The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | |||
| CVE-2015-1015 | low | — | 2.1 | 11y ago | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it… | |||
| CVE-2015-0988 | low | — | 2.1 | 11y ago | Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a fi… | |||
| CVE-2015-2027 | low | — | 2.1 | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an una… |