CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5382 | medium | 6.5 | 6.5 | 9y ago | program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. | |||
| CVE-2015-8959 | medium | 6.5 | 6.5 | 9y ago | coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | |||
| CVE-2015-8958 | medium | 6.5 | 6.5 | 9y ago | coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. | |||
| CVE-2015-8957 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. | |||
| CVE-2015-8345 | medium | 6.5 | 6.5 | 9y ago | The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. | |||
| CVE-2015-8272 | medium | 6.5 | 6.5 | 9y ago | RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). | |||
| CVE-2015-8613 | medium | 6.5 | 6.5 | 9y ago | Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instanc… | |||
| CVE-2015-8568 | medium | 6.5 | 6.5 | 9y ago | Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxne… | |||
| CVE-2015-8504 | medium | 6.5 | 6.5 | 9y ago | Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | |||
| CVE-2015-8670 | medium | 6.5 | 6.5 | 9y ago | Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. | |||
| CVE-2015-8896 | medium | 6.5 | 6.5 | 9y ago | Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | |||
| CVE-2015-4409 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… | |||
| CVE-2015-4408 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… | |||
| CVE-2015-4407 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… | |||
| CVE-2015-8903 | medium | 6.5 | 6.5 | 9y ago | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | |||
| CVE-2015-8902 | medium | 6.5 | 6.5 | 9y ago | The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | |||
| CVE-2015-8901 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. | |||
| CVE-2015-8750 | medium | 6.5 | 6.5 | 9y ago | libdwarf 20151114 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a debug_abbrev section marked NOBITS in an ELF file. | |||
| CVE-2015-7973 | medium | 6.5 | 6.5 | 10y ago | NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in broadcast mode, allows man-in-the-middle attackers to conduct replay attacks by sniffing the network. | |||
| CVE-2015-7743 | medium | 6.5 | 6.5 | 10y ago | XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses… | |||
| CVE-2015-8701 | medium | 6.5 | 6.5 | 10y ago | QEMU (aka Quick Emulator) built with the Rocker switch emulation support is vulnerable to an off-by-one error. It happens while processing transmit (tx) descriptors in 'tx_consume' routine, if a desc… | |||
| CVE-2015-8786 | medium | 6.5 | 6.5 | 10y ago | The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_inc… | |||
| CVE-2015-8923 | medium | 6.5 | 6.5 | 10y ago | The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file. | |||
| CVE-2015-8916 | medium | 6.5 | 6.5 | 10y ago | bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a "split file in multivolume RAR," which allows remote attackers to cause a denial of service (NU… | |||
| CVE-2015-4598 | medium | 6.5 | 6.5 | 10y ago | PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted i… | |||
| CVE-2015-3411 | medium | 6.5 | 6.5 | 10y ago | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted in… | |||
| CVE-2015-8530 | medium | 6.5 | 6.5 | 10y ago | Stack-based buffer overflow in the Initialize function in an ActiveX control in IBM SPSS Statistics 19 and 20 before 20.0.0.2-IF0008, 21 before 21.0.0.2-IF0010, 22 before 22.0.0.2-IF0011, 23 before 2… | |||
| CVE-2015-5479 | medium | 6.5 | 6.5 | 10y ago | The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with craft… | |||
| CVE-2015-8677 | medium | 6.5 | 6.5 | 10y ago | Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus series switches with software V200R003C00 before V200R003SPH011 and V200R005C00 before V200R005SPH008; S2350EI and S5300LI Campus s… | |||
| CVE-2015-5247 | medium | 6.5 | 6.5 | 10y ago | The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows remote authenticated users with a read-write connection to cause a denial of service (libvirtd crash) by triggering a failed unl… | |||
| CVE-2015-8784 | medium | 6.5 | 6.5 | 10y ago | The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |||
| CVE-2015-1547 | medium | 6.5 | 6.5 | 10y ago | The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted TIFF image, as demonstrated by libtiff5.tif. | |||
| CVE-2015-8553 | medium | 6.5 | 6.5 | 10y ago | Xen allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory by not enabling memory and I/O decoding control bits. NOTE: this vulnerability exists … | |||
| CVE-2015-5167 | medium | 6.5 | 6.5 | 10y ago | Apache Ranger allows users to bypass intended access restrictions via the REST API | |||
| CVE-2015-2286 | medium | 6.5 | 6.5 | 10y ago | lms/templates/footer-edx-new.html in Open edX edx-platform before 2015-01-29 does not properly restrict links on the password-reset page, which allows user-assisted remote attackers to discover passw… | |||
| CVE-2015-7560 | medium | 6.5 | 6.5 | 10y ago | The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by usi… | |||
| CVE-2015-8489 | medium | 6.5 | 6.5 | 10y ago | customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to cause a denial of service (excessive database locking) via a crafted CSV file, a different vulnerability than CVE-… | |||
| CVE-2015-8631 | medium | 6.5 | 6.5 | 10y ago | Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (mem… | |||
| CVE-2015-7675 | medium | 6.5 | 6.5 | 10y ago | The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID i… | |||
| CVE-2015-7513 | medium | 6.5 | 6.5 | 11y ago | arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and ho… | |||
| CVE-2015-7916 | medium | 6.5 | 6.5 | 11y ago | Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted query. | |||
| CVE-2015-8783 | medium | 6.5 | 6.5 | 11y ago | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds reads) via a crafted TIFF image. | |||
| CVE-2015-8782 | medium | 6.5 | 6.5 | 11y ago | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds writes) via a crafted TIFF image, a different vulnerability than CVE-2015-8781. | |||
| CVE-2015-8781 | medium | 6.5 | 6.5 | 11y ago | tif_luv.c in libtiff allows attackers to cause a denial of service (out-of-bounds write) via an invalid number of samples per pixel in a LogL compressed TIFF image, a different vulnerability than CVE… | |||
| CVE-2015-8794 | medium | 6.5 | 6.5 | 11y ago | Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full path… | |||
| CVE-2015-6317 | medium | 6.5 | 6.5 | 11y ago | Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | |||
| CVE-2015-4925 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown ve… | |||
| CVE-2015-8704 | medium | 6.5 | 6.5 | 11y ago | apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed … | |||
| CVE-2015-8605 | medium | 6.5 | 6.5 | 11y ago | ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 allows remote attackers to cause a denial of service (application crash) via an invalid length field in a UDP IPv4 packet. | |||
| CVE-2015-8335 | medium | 6.5 | 6.5 | 11y ago | Huawei VCN500 with software before V100R002C00SPC201 logs passwords in cleartext, which allows remote authenticated users to obtain sensitive information by triggering log generation and then reading… | |||
| CVE-2015-6433 | medium | 6.5 | 6.5 | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | |||
| CVE-2015-5434 | medium | 6.5 | 6.5 | 11y ago | HPE Networking Products, originally branded as Comware 5, Comware 7, H3C, or HP, allow remote attackers to bypass intended access restrictions or cause a denial of service via "Virtual routing and fo… | |||
| CVE-2015-8739 | medium | 5.5 | 6.5 | 11y ago | The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the IPMI dissector in Wireshark 2.0.x before 2.0.1 improperly attempts to access a packet scope, which allows remote attackers to cau… | |||
| CVE-2015-8736 | medium | 5.5 | 6.5 | 11y ago | The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not reserve memory for a trailer, which allows remote attackers to cause a denial of ser… | |||
| CVE-2015-8735 | medium | 5.5 | 6.5 | 11y ago | The get_value function in epan/dissectors/packet-btatt.c in the Bluetooth Attribute (aka BT ATT) dissector in Wireshark 2.0.x before 2.0.1 uses an incorrect integer data type, which allows remote att… | |||
| CVE-2015-8733 | medium | 5.5 | 6.5 | 11y ago | The ngsniffer_process_record function in wiretap/ngsniffer.c in the Sniffer file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationships between record len… | |||
| CVE-2015-8732 | medium | 5.5 | 6.5 | 11y ago | The dissect_zcl_pwr_prof_pwrprofstatersp function in epan/dissectors/packet-zbee-zcl-general.c in the ZigBee ZCL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate t… | |||
| CVE-2015-8731 | medium | 5.5 | 6.5 | 11y ago | The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not reject unknown TLV types, which allows remo… | |||
| CVE-2015-8730 | medium | 5.5 | 6.5 | 11y ago | epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the number of items, which allows remote attackers to cause a denial of … | |||
| CVE-2015-8729 | medium | 5.5 | 6.5 | 11y ago | The ascend_seek function in wiretap/ascendtext.c in the Ascend file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not ensure the presence of a '\0' character at the end of a da… | |||
| CVE-2015-8728 | medium | 5.5 | 6.5 | 11y ago | The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in the ANSI A dissector and (2) epan/dissectors/packet-gsm_a_common.c in the GSM A dissector in Wireshark 1.12.x before 1.12.9 and 2.… | |||
| CVE-2015-8727 | medium | 5.5 | 6.5 | 11y ago | The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in the RSVP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not properly maintain request-key data, which all… | |||
| CVE-2015-8726 | medium | 5.5 | 6.5 | 11y ago | wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate certain signature and Modulation and Coding Scheme (MCS) data, which allows remote… | |||
| CVE-2015-8725 | medium | 5.5 | 6.5 | 11y ago | The dissect_diameter_base_framed_ipv6_prefix function in epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the IPv… | |||
| CVE-2015-8724 | medium | 5.5 | 6.5 | 11y ago | The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not verify the WPA broadcast key length, whi… | |||
| CVE-2015-8723 | medium | 5.5 | 6.5 | 11y ago | The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the 802.11 dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the relationship between the total lengt… | |||
| CVE-2015-7422 | medium | 5.5 | 6.5 | 11y ago | Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. | |||
| CVE-2015-7456 | medium | 6.5 | 6.5 | 11y ago | IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote authenticated users to discover object-storage admin passwords via unspecified vectors. | |||
| CVE-2015-6004 | medium | 6.5 | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.a… | |||
| CVE-2015-6431 | medium | 6.5 | 6.5 | 11y ago | Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of service (device reload) via a packet with the 00-00-00-00-00-00 source MAC address, aka Bug ID CSCux48405. | |||
| CVE-2015-8377 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the host_new_graphs_save function in graphs_new.php in Cacti 0.8.8f and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted serializ… | |||
| CVE-2015-6361 | medium | — | 6.5 | 11y ago | The administrative web interface on Cisco DPC3939 (XB3) devices with firmware 121109aCMCST allows remote authenticated users to execute arbitrary commands via unspecified fields, aka Bug ID CSCuw8617… | |||
| CVE-2015-6417 | medium | — | 6.5 | 11y ago | Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and earlier does not always use RBAC for backend database access, which allows remote authenticated users to read or write to databa… | |||
| CVE-2015-6395 | medium | — | 6.5 | 11y ago | Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not properly restrict access to web pages, which allows remote attackers to modify the configuration via a direct request, aka Bug ID C… | |||
| CVE-2015-5323 | medium | — | 6.5 | 11y ago | Jenkins allows Administrators to Access API Tokens | |||
| CVE-2015-6380 | medium | — | 6.5 | 11y ago | An unspecified script in the web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to execute arbitrary OS commands via c… | |||
| CVE-2015-7773 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the Panel component in Bastian Allgeier Kirby before 2.1.2 allows remote authenticated users to execute arbitrary PHP code by uploading a file that lacks an … | |||
| CVE-2015-7712 | medium | — | 6.5 | 11y ago | Multiple eval injection vulnerabilities in mods/_standard/gradebook/edit_marks.php in ATutor 2.2 and earlier allow remote authenticated users with the AT_PRIV_GRADEBOOK privilege to execute arbitrary… | |||
| CVE-2015-7774 | medium | — | 6.5 | 11y ago | PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role. | |||
| CVE-2015-4966 | medium | — | 6.5 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 FP009, and 7.6.0 before 7.6.0.2 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 FP009, 7.5.1, and 7.6.0 before 7.6.0.2 IFI… | |||
| CVE-2015-1989 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-6316 | medium | — | 6.5 | 11y ago | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by … | |||
| CVE-2015-5673 | medium | — | 6.5 | 11y ago | eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) web application before 2015-10-30 makes improper popen calls, which allows remote attackers to execute arbitrary commands via an … | |||
| CVE-2015-3270 | medium | — | 6.5 | 11y ago | Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote authenticated users to gain administrative privileges via unspecified vectors, possibly related to changing passwords. | |||
| CVE-2015-6350 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Service Catalog 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuw50843. | |||
| CVE-2015-6345 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug… | |||
| CVE-2015-5669 | medium | — | 6.5 | 11y ago | Techno Project Japan Enisys Gw before 1.4.1 allows remote authenticated users to write to arbitrary files and consequently execute arbitrary code via unspecified vectors. | |||
| CVE-2015-6486 | medium | — | 6.5 | 11y ago | SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote authenticated users to execute arbitrary SQL commands via u… | |||
| CVE-2015-4900 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and av… | |||
| CVE-2015-4888 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2015-7682 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allow remote administrators to execute arbitrary SQL commands via the (1… | |||
| CVE-2015-1806 | medium | — | 6.5 | 11y ago | Jenkins allows for Privilege Escalation by Remote Authenticated Users | |||
| CVE-2015-7729 | medium | — | 6.5 | 11y ago | Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via uns… | |||
| CVE-2015-7727 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via un… | |||
| CVE-2015-7725 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1) remo… | |||
| CVE-2015-6331 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web framework in Cisco Prime Collaboration Assurance 10.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID… | |||
| CVE-2015-6329 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Prime Collaboration Provisioning 10.6 and 11.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCut64074. | |||
| CVE-2015-5659 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Network Applied Communication Laboratory Pref Shimane CMS 2.x before 2.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5648 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in list.php in phpRechnung before 1.6.5 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5645 | medium | — | 6.5 | 11y ago | ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to obtain administrative privileges via unspecified vectors. |