CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1933 | low | — | 2.1 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001… | |||
| CVE-2015-7238 | low | — | 2.1 | 11y ago | The Secondary server in Threat Intelligence Exchange (TIE) before 1.2.0 uses weak permissions for unspecified (1) configuration files and (2) installation logs, which allows local users to obtain sen… | |||
| CVE-2015-5898 | low | — | 2.1 | 11y ago | CFNetwork in Apple iOS before 9 relies on the hardware UID for its cache encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID. | |||
| CVE-2015-5892 | low | — | 2.1 | 11y ago | Siri in Apple iOS before 9 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a device … | |||
| CVE-2015-5863 | low | — | 2.1 | 11y ago | IOStorageFamily in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive information from kernel memory via unknown vectors. | |||
| CVE-2015-5861 | low | — | 2.1 | 11y ago | SpringBoard in Apple iOS before 9 allows physically proximate attackers to bypass a lock-screen preview-disabled setting, and reply to an audio message, via unspecified vectors. | |||
| CVE-2015-5851 | low | — | 2.1 | 11y ago | The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an enc… | |||
| CVE-2015-5850 | low | — | 2.1 | 11y ago | AppleKeyStore in Apple iOS before 9 allows physically proximate attackers to reset the count of incorrect passcode attempts via a device backup. | |||
| CVE-2015-5842 | low | — | 2.1 | 11y ago | XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors. | |||
| CVE-2015-5832 | low | — | 2.1 | 11y ago | The iTunes Store component in Apple iOS before 9 does not properly delete AppleID credentials from the keychain upon a signout action, which might allow physically proximate attackers to obtain sensi… | |||
| CVE-2015-1319 | low | — | 2.1 | 11y ago | The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20150408-0ubuntu1.2 does not properly detect if the screen is locked, which allows physically proxima… | |||
| CVE-2015-2529 | low | — | 2.1 | 11y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypa… | |||
| CVE-2015-6807 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" p… | |||
| CVE-2015-6654 | low | — | 2.1 | 11y ago | The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, 4.4.x, and earlier does not limit the number of printk console messages when reporting a failure to retrieve a reference on a for… | |||
| CVE-2015-6754 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the administration interface in the Path Breadcrumbs module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "Administer Path B… | |||
| CVE-2015-6752 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Search API Autocomplete module 7.x-1.x before 7.x-1.3 for Drupal, when the search index is configured to use the HTML filter processor, allows remote a… | |||
| CVE-2015-6746 | low | — | 2.1 | 11y ago | Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys in plaintext in the SQL database, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE:… | |||
| CVE-2015-5697 | low | — | 2.1 | 11y ago | The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from ker… | |||
| CVE-2015-3291 | low | — | 2.1 | 11y ago | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform does not properly determine when nested NMI processing is occurring, which allows local users to cause a denial of se… | |||
| CVE-2015-6557 | low | — | 2.1 | 11y ago | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 5.5 before 5.5.6.1, 6.3 before 6.3.1.5, 6.4 before 6.4.1.7, and 7.1 before 7.1.2; Tivoli Storage Manager for Mail: D… | |||
| CVE-2015-4949 | low | — | 2.1 | 11y ago | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server 7.1 before 7.1.2, Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 7.1 before 7.1.2, a… | |||
| CVE-2015-5513 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Shibboleth authentication module 6.x-4.x before 6.x-4.2 and 7.x-4.x before 7.x-4.2 for Drupal allows remote authenticated users with the "Administer bl… | |||
| CVE-2015-5495 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Mobile sliding menu module 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "administer menu" permission to inject arbitrar… | |||
| CVE-2015-5488 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the "administer mailchimp" … | |||
| CVE-2015-5748 | low | — | 2.1 | 11y ago | The kernel in Apple OS X before 10.10.5 does not properly mount HFS volumes, which allows local users to cause a denial of service via a crafted volume. | |||
| CVE-2015-3757 | low | — | 2.1 | 11y ago | Apple OS X before 10.10.5 does not properly restrict access to the Date & Time preferences pane, which allows local users to spoof the time by visiting this pane. | |||
| CVE-2015-3756 | low | — | 2.1 | 11y ago | The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 certificate acceptance within the lock screen, which allows physically proximate attackers to establish arbitrary certificate trust… | |||
| CVE-2015-2465 | low | — | 2.1 | 11y ago | The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 d… | |||
| CVE-2015-2454 | low | — | 2.1 | 11y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not… | |||
| CVE-2015-2428 | low | — | 2.1 | 11y ago | Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properl… | |||
| CVE-2015-3285 | low | — | 2.1 | 11y ago | The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the wrong pointer when writing the results of the RPC, which allows local users to cause a denial of service (memory corruption and ker… | |||
| CVE-2015-3284 | low | — | 2.1 | 11y ago | pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read kernel memory via crafted commands. | |||
| CVE-2015-1970 | low | — | 2.1 | 11y ago | The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data on SSD cards, which might allow physically proximate attackers to obtain sensitive information by e… | |||
| CVE-2015-5084 | low | — | 2.1 | 11y ago | The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite applications before 01.00.01.00 for Android do not properly store passwords, which allows physically proximate attackers to obtain sensitive… | |||
| CVE-2015-4753 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the RDBMS Support Tools component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. | |||
| CVE-2015-2661 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows local users to affect availability via unknown vectors related to Client. | |||
| CVE-2015-2618 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integ… | |||
| CVE-2015-2585 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2015-2382 | low | — | 2.1 | 11y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel … | |||
| CVE-2015-2381 | low | — | 2.1 | 11y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to obtain sensitive information from kernel … | |||
| CVE-2015-2367 | low | — | 2.1 | 11y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 201… | |||
| CVE-2015-1951 | low | — | 2.1 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.0 IFIX005 does not prevent caching of HTTPS responses, which allows physically proximate attacke… | |||
| CVE-2015-2019 | low | — | 2.1 | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not prevent caching of documents … | |||
| CVE-2015-1981 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 and 9.x before 9.0.1 FP4, when Webmail is enabled, allows remote authenticated users to inject arbi… | |||
| CVE-2015-3010 | low | — | 2.1 | 11y ago | ceph-deploy before 1.5.23 uses weak permissions (644) for ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |||
| CVE-2015-4385 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Imagefield Info module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "Administer ima… | |||
| CVE-2015-4378 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with the "Administer Crumbs" permission to inject arbitrary web scrip… | |||
| CVE-2015-4377 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Petition module 6.x-1.x before 6.x-1.3 for Drupal allows remote authenticated users with the "create petition" perm… | |||
| CVE-2015-3949 | low | — | 2.1 | 11y ago | Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page. | |||
| CVE-2015-1719 | low | — | 2.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2,… | |||
| CVE-2015-3201 | low | — | 2.1 | 11y ago | Thermostat before 2.0.0 uses world-readable permissions for the web.xml configuration file, which allows local users to obtain user credentials by reading the file. | |||
| CVE-2015-0200 | low | — | 2.1 | 11y ago | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors. | |||
| CVE-2015-0170 | low | — | 2.1 | 11y ago | IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows local users to obtain sensitive information by reading cached data. | |||
| CVE-2015-3999 | low | — | 2.1 | 11y ago | Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. | |||
| CVE-2015-2714 | low | — | 2.1 | 11y ago | Mozilla Firefox before 38.0 on Android does not properly restrict writing URL data to the Android logging system, which allows attackers to obtain sensitive information via a crafted application that… | |||
| CVE-2015-3978 | low | — | 2.1 | 11y ago | SAP Sybase Unwired Platform Online Data Proxy allows local users to obtain usernames and passwords via the DataVault, aka SAP Security Note 2094830. | |||
| CVE-2015-0257 | low | — | 2.1 | 11y ago | Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local … | |||
| CVE-2015-3448 | low | — | 2.1 | 11y ago | REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. | |||
| CVE-2015-3361 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in the Linkit module before 7.x-2.7 and 7.x-3.x before 7.x-3.3 for Drupal, when the node search plugin is enabled, allows remote authenticated users to inject… | |||
| CVE-2015-3320 | low | — | 2.1 | 11y ago | Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 includes active debugging code in SKHOOKS.DLL, which allows local users to obtain keypress information by accessing debug output. | |||
| CVE-2015-1314 | low | — | 2.1 | 11y ago | The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen before prompting the user for login, which might allow physically proximate users to obtain bankin… | |||
| CVE-2015-2579 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Insta… | |||
| CVE-2015-2576 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installati… | |||
| CVE-2015-2574 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities. | |||
| CVE-2015-1647 | low | — | 2.1 | 11y ago | Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows guest OS users to cause a denial of service (VMM functionality loss) via a crafted application, aka… | |||
| CVE-2015-1415 | low | — | 2.1 | 11y ago | The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, uses world-readable permissions for the GELI keyfile (/boot/encryption.key), which allows local user… | |||
| CVE-2015-1142 | low | — | 2.1 | 11y ago | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder crash) via crafted localization data. | |||
| CVE-2015-1127 | low | — | 2.1 | 11y ago | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 places browsing history into an index, which might allow local users to obtain sensi… | |||
| CVE-2015-1116 | low | — | 2.1 | 11y ago | The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive informatio… | |||
| CVE-2015-1109 | low | — | 2.1 | 11y ago | NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file. | |||
| CVE-2015-1108 | low | — | 2.1 | 11y ago | The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain… | |||
| CVE-2015-1106 | low | — | 2.1 | 11y ago | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate attackers to discover passcodes by reading the lock screen during use of a Bluetooth keyboard. | |||
| CVE-2015-1087 | low | — | 2.1 | 11y ago | Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path. | |||
| CVE-2015-1602 | low | — | 2.1 | 11y ago | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-leve… | |||
| CVE-2015-0777 | low | — | 2.1 | 11y ago | drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows … | |||
| CVE-2015-2111 | low | — | 2.1 | 11y ago | Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2015-0992 | low | — | 2.1 | 11y ago | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-0999 | low | — | 2.1 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allow… | |||
| CVE-2015-0996 | low | — | 2.1 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project … | |||
| CVE-2015-2157 | low | — | 2.1 | 11y ago | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information … | |||
| CVE-2015-0527 | low | — | 2.1 | 11y ago | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) prov… | |||
| CVE-2015-0136 | low | — | 2.1 | 11y ago | powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sen… | |||
| CVE-2015-0146 | low | — | 2.1 | 11y ago | IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileN… | |||
| CVE-2015-2045 | low | — | 2.1 | 11y ago | The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2044 | low | — | 2.1 | 11y ago | The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involvin… | |||
| CVE-2015-0094 | low | — | 2.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-0084 | low | — | 2.1 | 11y ago | The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonati… | |||
| CVE-2015-0077 | low | — | 2.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-1599 | low | — | 2.1 | 11y ago | The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | |||
| CVE-2015-1598 | low | — | 2.1 | 11y ago | The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device file… | |||
| CVE-2015-1355 | low | — | 2.1 | 11y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting … | |||
| CVE-2015-0519 | low | — | 2.1 | 11y ago | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows … | |||
| CVE-2015-1345 | low | — | 2.1 | 12y ago | The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. | |||
| CVE-2015-1426 | low | — | 2.1 | 12y ago | Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata | |||
| CVE-2015-1563 | low | — | 2.1 | 12y ago | The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | |||
| CVE-2015-1200 | low | — | 2.1 | 12y ago | Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to byp… | |||
| CVE-2015-0418 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v… | |||
| CVE-2015-0397 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600. | |||
| CVE-2015-0378 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc. | |||
| CVE-2015-7511 | low | 2.0 | 2.0 | 10y ago | Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring elec… |