CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2334 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Admin Control Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to hijack the authentication of unspecified v… | |||
| CVE-2015-2293 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for … | |||
| CVE-2015-2107 | medium | — | 6.8 | 11y ago | HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows local users to execute OS commands by leveraging SAP administrative privileges. | |||
| CVE-2015-1782 | medium | — | 6.8 | 11y ago | The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT pack… | |||
| CVE-2015-1874 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.32 for WordPress allows remote attackers to hijack the aut… | |||
| CVE-2015-2096 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in the Connect function in the WESPMonitor.WESPMonitorCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via an invalid IP a… | |||
| CVE-2015-2095 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the SetConnectInfo function in the WESPPTZ.WESPPTZCtrl.1 ActiveX control in WebGate eDVR Manager allows remote attackers to execute arbitrary code via crafted arguments. | |||
| CVE-2015-2093 | medium | — | 6.8 | 11y ago | Stack-based buffer overflow in the Connect function in the WebGate WebEyeAudio ActiveX control allows remote attackers to execute arbitrary code via a crafted value. | |||
| CVE-2015-1220 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gif/GIFImageReader.cpp in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attacker… | |||
| CVE-2015-1597 | medium | — | 6.8 | 11y ago | The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server d… | |||
| CVE-2015-0895 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the All In One WP Security & Firewall plugin before 3.9.0 for WordPress allows remote attackers to hijack the authentication of administrators for r… | |||
| CVE-2015-0598 | medium | — | 6.8 | 11y ago | The RADIUS implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service (device reload) via crafted IPv6 Attributes in Access-Accept packets, aka Bug IDs CSCur84322 and… | |||
| CVE-2015-0883 | medium | — | 6.8 | 11y ago | SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth module is enabled, does not properly send e-mail messages, which allows remote attackers to execute arbitrary code via unspecified v… | |||
| CVE-2015-0651 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the web GUI in Cisco Application Networking Manager (ANM), and Device Manager (DM) on Cisco 4710 Application Control Engine (ACE) appliances, allows… | |||
| CVE-2015-2089 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentica… | |||
| CVE-2015-0633 | medium | — | 6.8 | 11y ago | The Integrated Management Controller (IMC) in Cisco Unified Computing System (UCS) 1.4(7h) and earlier on C-Series servers allows remote attackers to bypass intended access restrictions by sending cr… | |||
| CVE-2015-2083 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows remote attackers to hijack the authentication of administrators for requests that add a value to a profile field via a profilefields… | |||
| CVE-2015-0831 | medium | — | 6.8 | 11y ago | Use-after-free vulnerability in the mozilla::dom::IndexedDB::IDBObjectStore::CreateIndex function in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allows remo… | |||
| CVE-2015-0829 | medium | — | 6.8 | 11y ago | Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback. | |||
| CVE-2015-0828 | medium | — | 6.8 | 11y ago | Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code … | |||
| CVE-2015-0826 | medium | — | 6.8 | 11y ago | The nsTransformedTextRun::SetCapitalization function in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read of heap memory) … | |||
| CVE-2015-0821 | medium | — | 6.8 | 11y ago | Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unsp… | |||
| CVE-2015-2048 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |||
| CVE-2015-2039 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for re… | |||
| CVE-2015-0880 | medium | — | 6.8 | 11y ago | Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. | |||
| CVE-2015-1614 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that … | |||
| CVE-2015-1501 | medium | — | 6.8 | 11y ago | The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafte… | |||
| CVE-2015-1500 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to… | |||
| CVE-2015-1495 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | |||
| CVE-2015-1585 | medium | — | 6.8 | 11y ago | Fat Free CRM Cross-Site Request Forgery vulnerability | |||
| CVE-2015-0931 | medium | — | 6.8 | 11y ago | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document,… | |||
| CVE-2015-1581 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) … | |||
| CVE-2015-1580 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1)… | |||
| CVE-2015-1578 | medium | — | 6.8 | 12y ago | Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie to u5admi… | |||
| CVE-2015-1559 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication… | |||
| CVE-2015-1432 | medium | — | 6.8 | 12y ago | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the fu… | |||
| CVE-2015-1568 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scr… | |||
| CVE-2015-1049 | medium | — | 6.8 | 12y ago | The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. | |||
| CVE-2015-0596 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | |||
| CVE-2015-0926 | medium | — | 6.8 | 12y ago | Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | |||
| CVE-2015-1361 | medium | — | 6.8 | 12y ago | platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which mi… | |||
| CVE-2015-1359 | medium | — | 6.8 | 12y ago | Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly h… | |||
| CVE-2015-0232 | medium | — | 6.8 | 12y ago | The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (… | |||
| CVE-2015-0435 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated us… | |||
| CVE-2015-0390 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affe… | |||
| CVE-2015-1060 | medium | — | 6.8 | 12y ago | Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the HTTP… | |||
| CVE-2015-0588 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. | |||
| CVE-2015-0920 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct… | |||
| CVE-2015-3321 | medium | 6.7 | 6.7 | 9y ago | Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | |||
| CVE-2015-5191 | medium | 6.7 | 6.7 | 9y ago | VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privil… | |||
| CVE-2015-4045 | medium | 6.7 | 6.7 | 9y ago | The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | |||
| CVE-2015-4056 | medium | 6.7 | 6.7 | 9y ago | The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrati… | |||
| CVE-2015-7024 | medium | 6.7 | 6.7 | 11y ago | Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an un… | |||
| CVE-2015-6851 | medium | 6.7 | 6.7 | 11y ago | EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. | |||
| CVE-2015-7331 | medium | 6.6 | 6.6 | 10y ago | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. | |||
| CVE-2015-7117 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7092 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 t… | |||
| CVE-2015-7091 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7090 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7089 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7088 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7087 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7086 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-7085 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |||
| CVE-2015-6643 | medium | 6.6 | 6.6 | 11y ago | Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka … | |||
| CVE-2015-8328 | medium | — | 6.6 | 11y ago | Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive… | |||
| CVE-2015-7869 | medium | — | 6.6 | 11y ago | Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before … | |||
| CVE-2015-4837 | medium | — | 6.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. | |||
| CVE-2015-6322 | medium | — | 6.6 | 11y ago | The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-… | |||
| CVE-2015-4505 | medium | — | 6.6 | 11y ago | updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operati… | |||
| CVE-2015-2594 | medium | — | 6.6 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity… | |||
| CVE-2015-3436 | medium | — | 6.6 | 11y ago | provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-loc… | |||
| CVE-2015-0665 | medium | — | 6.6 | 11y ago | The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | |||
| CVE-2015-0663 | medium | — | 6.6 | 11y ago | Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages,… | |||
| CVE-2015-4082 | medium | 6.5 | 6.5 | 4y ago | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informa… | |||
| CVE-2015-7889 | medium | 5.5 | 6.5 | 9y ago | The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service a… | |||
| CVE-2015-8470 | medium | 6.5 | 6.5 | 9y ago | The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cook… | |||
| CVE-2015-1239 | medium | 6.5 | 6.5 | 9y ago | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a craf… | |||
| CVE-2015-5327 | medium | 6.5 | 6.5 | 9y ago | Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | |||
| CVE-2015-2927 | medium | 6.5 | 6.5 | 9y ago | node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | |||
| CVE-2015-5248 | medium | 6.5 | 6.5 | 9y ago | Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | |||
| CVE-2015-3419 | medium | 6.5 | 6.5 | 9y ago | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | |||
| CVE-2015-0110 | medium | 6.5 | 6.5 | 9y ago | IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal servi… | |||
| CVE-2015-5695 | medium | 6.5 | 6.5 | 9y ago | Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might… | |||
| CVE-2015-0783 | medium | 6.5 | 6.5 | 9y ago | The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |||
| CVE-2015-7850 | medium | 6.5 | 6.5 | 9y ago | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. | |||
| CVE-2015-7702 | medium | 6.5 | 6.5 | 9y ago | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomple… | |||
| CVE-2015-0194 | medium | 6.5 | 6.5 | 9y ago | XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | |||
| CVE-2015-5187 | medium | 6.5 | 6.5 | 9y ago | Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. | |||
| CVE-2015-4463 | medium | 6.5 | 6.5 | 9y ago | The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | |||
| CVE-2015-4462 | medium | 6.5 | 6.5 | 9y ago | Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file fro… | |||
| CVE-2015-7898 | medium | 5.5 | 6.5 | 9y ago | Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||
| CVE-2015-7895 | medium | 5.5 | 6.5 | 9y ago | Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||
| CVE-2015-7780 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | |||
| CVE-2015-3254 | medium | 6.5 | 6.5 | 9y ago | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | |||
| CVE-2015-8538 | medium | 6.5 | 6.5 | 9y ago | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | |||
| CVE-2015-7514 | medium | 6.5 | 6.5 | 9y ago | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | |||
| CVE-2015-3830 | medium | 6.5 | 6.5 | 9y ago | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate… | |||
| CVE-2015-1207 | medium | 6.5 | 6.5 | 9y ago | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. | |||
| CVE-2015-1834 | medium | 6.5 | 6.5 | 9y ago | A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior t… |