CVEs from 2015
- Total: 7,266
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1399 | medium | — | 6.5 | 11y ago | PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remo… | |||
| CVE-2015-1398 | medium | — | 6.5 | 11y ago | Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files v… | |||
| CVE-2015-1889 | medium | — | 6.5 | 11y ago | The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statem… | |||
| CVE-2015-3345 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList… | |||
| CVE-2015-2570 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2 allows remote authenticated users to affect confidentiality, inte… | |||
| CVE-2015-1822 | medium | — | 6.5 | 11y ago | chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitia… | |||
| CVE-2015-1821 | medium | — | 6.5 | 11y ago | Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) … | |||
| CVE-2015-0951 | medium | — | 6.5 | 11y ago | X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | |||
| CVE-2015-0684 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified… | |||
| CVE-2015-0682 | medium | — | 6.5 | 11y ago | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | |||
| CVE-2015-2821 | medium | — | 6.5 | 11y ago | TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | |||
| CVE-2015-2815 | medium | — | 6.5 | 11y ago | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of servic… | |||
| CVE-2015-2172 | medium | — | 6.5 | 11y ago | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via … | |||
| CVE-2015-2758 | medium | — | 6.5 | 11y ago | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or po… | |||
| CVE-2015-0934 | medium | — | 6.5 | 11y ago | Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||
| CVE-2015-2194 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a… | |||
| CVE-2015-2087 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension… | |||
| CVE-2015-2035 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | |||
| CVE-2015-1604 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exten… | |||
| CVE-2015-1616 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified … | |||
| CVE-2015-1434 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category… | |||
| CVE-2015-0611 | medium | — | 6.5 | 12y ago | The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote aut… | |||
| CVE-2015-0580 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute ar… | |||
| CVE-2015-1393 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create galle… | |||
| CVE-2015-1195 | medium | — | 6.5 | 12y ago | OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme | |||
| CVE-2015-0373 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, … | |||
| CVE-2015-0515 | medium | — | 6.5 | 12y ago | Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an… | |||
| CVE-2015-1029 | medium | — | 6.5 | 12y ago | The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by … | |||
| CVE-2015-4072 | medium | 5.4 | 6.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and m… | |||
| CVE-2015-8780 | medium | 6.4 | 6.4 | 9y ago | Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. | |||
| CVE-2015-5399 | medium | 5.4 | 6.4 | 10y ago | Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | |||
| CVE-2015-8511 | medium | 6.4 | 6.4 | 11y ago | Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||
| CVE-2015-8579 | medium | — | 6.4 | 11y ago | Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass th… | |||
| CVE-2015-8578 | medium | — | 6.4 | 11y ago | AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR… | |||
| CVE-2015-8241 | medium | — | 6.4 | 11y ago | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) … | |||
| CVE-2015-8382 | medium | — | 6.4 | 11y ago | The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which… | |||
| CVE-2015-7286 | medium | — | 6.4 | 11y ago | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographi… | |||
| CVE-2015-5305 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handle… | |||
| CVE-2015-5289 | medium | — | 6.4 | 11y ago | Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vecto… | |||
| CVE-2015-5288 | medium | — | 6.4 | 11y ago | The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service… | |||
| CVE-2015-1002 | medium | — | 6.4 | 11y ago | IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. | |||
| CVE-2015-4886 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integri… | |||
| CVE-2015-4827 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Retail Open Commerce Platform component in Oracle Retail Applications 3.0 allows remote attackers to affect confidentiality and integrity via unknown vectors r… | |||
| CVE-2015-4806 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | |||
| CVE-2015-5662 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive. | |||
| CVE-2015-3847 | medium | — | 6.4 | 11y ago | Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove stored SMS messages via a crafted application, aka internal bug 22343270. | |||
| CVE-2015-4520 | medium | — | 6.4 | 11y ago | Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of… | |||
| CVE-2015-4512 | medium | — | 6.4 | 11y ago | gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux improperly attempts to use the Cairo library with 32-bit color-depth surface creation followed by 16-bit color-depth surface disp… | |||
| CVE-2015-4504 | medium | — | 6.4 | 11y ago | The lut_inverse_interp16 function in the QCMS library in Mozilla Firefox before 41.0 allows remote attackers to obtain sensitive information or cause a denial of service (buffer over-read and applica… | |||
| CVE-2015-6285 | medium | — | 6.4 | 11y ago | Format string vulnerability in Cisco Email Security Appliance (ESA) 7.6.0 and 8.0.0 allows remote attackers to cause a denial of service (memory overwrite or service outage) via format string specifi… | |||
| CVE-2015-2484 | medium | — | 6.4 | 11y ago | Microsoft Internet Explorer 10 and 11 uses an incorrect flag during certain filesystem accesses, which allows remote attackers to delete arbitrary files via unspecified vectors, aka "Tampering Vulner… | |||
| CVE-2015-1291 | medium | — | 6.4 | 11y ago | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote atta… | |||
| CVE-2015-6563 | medium | 6.4 | 6.4 | 11y ago | The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD platforms accepts extraneous username data in MONITOR_REQ_PAM_INIT_CTX requests, which allows local users to conduct impersonation a… | |||
| CVE-2015-4302 | medium | — | 6.4 | 11y ago | The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows remote attackers to delete arbitrary system policies via modified parameters in a POST request, aka Bug ID CSCuu25390. | |||
| CVE-2015-4670 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the AjaxFileUpload control in DevExpress AJAX Control Toolkit (aka AjaxControlToolkit) before 15.1 allows remote attackers to write to arbitrary files via a .. (d… | |||
| CVE-2015-3750 | medium | — | 6.4 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not enforce the HTTP Strict Transport Security (HSTS) protection mech… | |||
| CVE-2015-2323 | medium | — | 6.4 | 11y ago | FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, export, RC4, and possibly other weak ciphers when using TLS to connect to FortiGuard servers, which allows man-in-the-middle att… | |||
| CVE-2015-4289 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in Cisco AnyConnect Secure Mobility Client 4.0(2049) allows remote head-end systems to write to arbitrary files via a crafted configuration attribute, aka Bug ID CSC… | |||
| CVE-2015-2653 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to affec… | |||
| CVE-2015-2581 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.1 and 5.2 allows remote attackers to affect confidentiality and availability via unknown vectors rel… | |||
| CVE-2015-4271 | medium | — | 6.4 | 11y ago | Cisco TelePresence TC before 7.3.4 on Integrator C devices allows remote attackers to bypass authentication via vectors involving multiple request parameters, aka Bug ID CSCuv00604. | |||
| CVE-2015-2970 | medium | — | 6.4 | 11y ago | index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to delete arbitrary files via the oekakis parameter. | |||
| CVE-2015-5461 | medium | — | 6.4 | 11y ago | Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and … | |||
| CVE-2015-2966 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the Droidware UK Explorer+ File Manager application before 2.3.3 for Android allows remote attackers to write to arbitrary files via unspecified vectors. | |||
| CVE-2015-4209 | medium | — | 6.4 | 11y ago | Cisco WebEx Meeting Center does not properly determine authorization for reading a host calendar, which allows remote attackers to obtain sensitive information by obtaining a list of all meetings and… | |||
| CVE-2015-3237 | medium | — | 6.4 | 11y ago | The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and cra… | |||
| CVE-2015-4641 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and cons… | |||
| CVE-2015-4152 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the file output plugin in Elasticsearch Logstash before 1.4.3 allows remote attackers to write to arbitrary files via vectors related to dynamic field references … | |||
| CVE-2015-2958 | medium | — | 6.4 | 11y ago | Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and modify settings via unspecified vectors, a different vulne… | |||
| CVE-2015-2950 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in the Brandon Bowles Open Explorer application before 0.254 Beta for Android allows remote attackers to write to arbitrary files via a crafted filename. | |||
| CVE-2015-1921 | medium | — | 6.4 | 11y ago | Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a… | |||
| CVE-2015-3085 | medium | — | 6.4 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3294 | medium | — | 6.4 | 11y ago | The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of se… | |||
| CVE-2015-1100 | medium | — | 6.4 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (out-of-bounds memory access) or obtain sensitive memory-content i… | |||
| CVE-2015-1473 | medium | — | 6.4 | 11y ago | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca functi… | |||
| CVE-2015-0993 | medium | — | 6.4 | 11y ago | Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation. | |||
| CVE-2015-2814 | medium | — | 6.4 | 11y ago | SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) does not properly restrict access, which allows remote attackers to change the backendurl,… | |||
| CVE-2015-0811 | medium | — | 6.4 | 11y ago | The QCMS implementation in Mozilla Firefox before 37.0 allows remote attackers to obtain sensitive information from process heap memory or cause a denial of service (out-of-bounds read) via an image … | |||
| CVE-2015-2106 | medium | — | 6.4 | 11y ago | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers to bypass intended access restrictions or cause a denial o… | |||
| CVE-2015-0250 | medium | — | 6.4 | 11y ago | Improper Input Validation in Apache Batik | |||
| CVE-2015-0670 | medium | — | 6.4 | 11y ago | The default configuration of Cisco Small Business IP phones SPA 300 7.5.5 and SPA 500 7.5.5 does not properly support authentication, which allows remote attackers to read audio-stream data or origin… | |||
| CVE-2015-0669 | medium | — | 6.4 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 15.4S and 15.4(3)S allows remote attackers to modify configuration settings or cause a denial of service (partial service out… | |||
| CVE-2015-2304 | medium | — | 6.4 | 11y ago | Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 and earlier allows remote attackers to write to arbitrary files via a full pathname in an archive. | |||
| CVE-2015-1464 | medium | — | 6.4 | 11y ago | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack sessions via an RSS feed URL. | |||
| CVE-2015-0888 | medium | — | 6.4 | 11y ago | KENT-WEB Clip Board before 4.1 allows remote attackers to delete arbitrary files via unspecified vectors. | |||
| CVE-2015-0255 | medium | — | 6.4 | 12y ago | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via … | |||
| CVE-2015-0552 | medium | — | 6.4 | 12y ago | Directory traversal vulnerability in the gcab_folder_extract function in libgcab/gcab-folder.c in gcab 0.4 allows remote attackers to write to arbitrary files via crafted path in a CAB file, as demon… | |||
| CVE-2015-6918 | medium | 6.3 | 6.3 | 9y ago | salt before 2015.5.5 leaks git usernames and passwords to the log. | |||
| CVE-2015-2826 | medium | 5.3 | 6.3 | 9y ago | WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information. | |||
| CVE-2015-4071 | medium | 5.3 | 6.3 | 9y ago | The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/… | |||
| CVE-2015-7769 | medium | 6.3 | 6.3 | 10y ago | baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-6864 | medium | 6.3 | 6.3 | 11y ago | HPE ArcSight Logger before 6.1P1 allows remote authenticated users to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||
| CVE-2015-5471 | medium | 5.3 | 6.3 | 11y ago | Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file par… | |||
| CVE-2015-6933 | medium | 6.3 | 6.3 | 11y ago | The VMware Tools HGFS (aka Shared Folders) implementation in VMware Workstation 11.x before 11.1.2, VMware Player 7.x before 7.1.2, VMware Fusion 7.x before 7.1.2, and VMware ESXi 5.0 through 6.0 all… | |||
| CVE-2015-8740 | medium | 5.3 | 6.3 | 11y ago | The dissect_tds7_colmetadata_token function in epan/dissectors/packet-tds.c in the TDS dissector in Wireshark 2.0.x before 2.0.1 does not validate the number of columns, which allows remote attackers… | |||
| CVE-2015-7791 | medium | 6.3 | 6.3 | 11y ago | Multiple SQL injection vulnerabilities in admin.php in the Collne Welcart plugin before 1.5.3 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) search[colum… | |||
| CVE-2015-6263 | medium | — | 6.3 | 11y ago | The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a shared RADIUS secret is configured, allows remote RADIUS servers to cause a denial of service (device reload) via malformed answers, … | |||
| CVE-2015-5200 | medium | — | 6.3 | 11y ago | The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors. | |||
| CVE-2015-0771 | medium | — | 6.3 | 11y ago | The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted … | |||
| CVE-2015-0687 | medium | — | 6.3 | 11y ago | The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 devices, when single-switch Virtual Switching System (VSS) is configured, allows remote authenticated users to cause a denial of servi… |