CVEs from 2015
- Total: 7,266
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5642 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before 2.5.7 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5641 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in baserCMS before 3.0.8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5640 | medium | — | 6.5 | 11y ago | baserCMS Access Control Bypass | |||
| CVE-2015-4967 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX004 a… | |||
| CVE-2015-5703 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the public key discovery API call in Open-Xchange OX Guard before 2.0.0-rev8 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4542 | medium | — | 6.5 | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users to bypass intended access restrictions, and read or modify Discussion Forum Fields messages, via unspecified vectors. | |||
| CVE-2015-7310 | medium | — | 6.5 | 11y ago | McAfee Enterprise Security Manager (ESM), Enterprise Security Manager/Log Manager (ESMLM), and Enterprise Security Manager/Receiver (ESMREC) before 9.3.2MR18, 9.4.x before 9.4.2MR8, and 9.5.x before … | |||
| CVE-2015-6299 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the web interface in Cisco Unity Connection 9.1(1.2) and earlier allows remote authenticated users to execute arbitrary SQL commands via a crafted POST request, aka Bug… | |||
| CVE-2015-5274 | medium | — | 6.5 | 11y ago | rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows remote authenticated users to execute arbitrary commands via a crafted request to the Broker. | |||
| CVE-2015-6968 | medium | — | 6.5 | 11y ago | Multiple incomplete blacklist vulnerabilities in the serendipity_isActiveFile function in include/functions_images.inc.php in Serendipity before 2.0.2 allow remote authenticated users to execute arbi… | |||
| CVE-2015-6743 | medium | — | 6.5 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password for an unspecified account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge … | |||
| CVE-2015-6742 | medium | — | 6.5 | 11y ago | Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded password for the ANCO account, which allows remote authenticated users to bypass intended access restrictions by leveraging knowledge… | |||
| CVE-2015-5431 | medium | — | 6.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. | |||
| CVE-2015-5405 | medium | — | 6.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information, modify da… | |||
| CVE-2015-2140 | medium | — | 6.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information or modify … | |||
| CVE-2015-5410 | medium | — | 6.5 | 11y ago | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to execute arbitrary code or cause a denial of service via unspecified vectors. | |||
| CVE-2015-3238 | medium | 6.5 | 6.5 | 11y ago | The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial … | |||
| CVE-2015-4329 | medium | — | 6.5 | 11y ago | The administrator web interface in Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary OS commands via crafted HTTP requests, aka Bug ID … | |||
| CVE-2015-4303 | medium | — | 6.5 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows remote authenticated users to execute arbitrary commands in the context of the nobody user account via an unspecified web-page parame… | |||
| CVE-2015-4298 | medium | — | 6.5 | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) improperly performs authorization, which allows remote authenticated users to read or write to stored data via unspecified vectors,… | |||
| CVE-2015-2058 | medium | — | 6.5 | 11y ago | c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates data without ensuring it remains valid UTF-8, which allows remote authenticated users to read system memory or possibly have other u… | |||
| CVE-2015-1487 | medium | — | 6.5 | 11y ago | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to write to arbitrary files, and consequently obtain administrator pri… | |||
| CVE-2015-4276 | medium | — | 6.5 | 11y ago | Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users to execute arbitrary code via a crafted command parameter, aka Bug ID CSCus56138. | |||
| CVE-2015-2617 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Partition. | |||
| CVE-2015-2595 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unk… | |||
| CVE-2015-1761 | medium | — | 6.5 | 11y ago | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain pr… | |||
| CVE-2015-5459 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the AdvanceSearch.class in AdventNetPassTrix.jar in ManageEngine Password Manager Pro (PMP) before 8.1 Build 8101 allows remote authenticated users to execute arbitrary… | |||
| CVE-2015-4129 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote authenticated users to execute arbitrary SQL commands via modified serialized data in a salt cookie. | |||
| CVE-2015-4524 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 before P31, 6.7SP2 before P23, and 6.8 before P01; Documentum Administrator 6.7SP1 before P31, 6.7SP2 before P23, 7.0 before P18… | |||
| CVE-2015-4233 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuu54037. | |||
| CVE-2015-5149 | medium | — | 6.5 | 11y ago | Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Reque… | |||
| CVE-2015-0126 | medium | — | 6.5 | 11y ago | IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users … | |||
| CVE-2015-1974 | medium | — | 6.5 | 11y ago | The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows … | |||
| CVE-2015-5078 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the insert function in application/controllers/admin/dataentry.php in LimeSurvey 2.06+ allows remote authenticated users to execute arbitrary SQL commands via the close… | |||
| CVE-2015-4222 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Cisco Unified Communications Manager IM and Presence Service 9.1(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug… | |||
| CVE-2015-4713 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote editors to execute arbitrary SQL commands via the pid parameter to index.php. | |||
| CVE-2015-4676 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in ticket.php in TickFa 1.x allows remote authenticated users to execute arbitrary SQL commands via the tid parameter in a read action. | |||
| CVE-2015-4628 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in application/controllers/admin/questiongroups.php in LimeSurvey before 2.06+ Build 150618 allows remote authenticated administrators to execute arbitrary SQL commands vi… | |||
| CVE-2015-4338 | medium | — | 6.5 | 11y ago | Static code injection vulnerability in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to inject arbitrary PHP code into the language files via a Translation LM_FRONT_* field… | |||
| CVE-2015-4336 | medium | — | 6.5 | 11y ago | cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows remote authenticated users to execute arbitrary commands via a file containing filenames with shell metacharacters, as demonstrat… | |||
| CVE-2015-4613 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4612 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vec… | |||
| CVE-2015-4611 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) extension before 1.0.9 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4610 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-4609 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-2952 | medium | — | 6.5 | 11y ago | The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and… | |||
| CVE-2015-3993 | medium | — | 6.5 | 11y ago | Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows remote authenticated users to bypass intended write-access restrictions and execute an UPDATE statement by referencing a table. | |||
| CVE-2015-0768 | medium | — | 6.5 | 11y ago | The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated u… | |||
| CVE-2015-1945 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privilege… | |||
| CVE-2015-1392 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1013 | medium | — | 6.5 | 11y ago | OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted Users group lacks the Everyone account, which allows remote authenticated users to bypass intended comm… | |||
| CVE-2015-1008 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated users to gain privileges via malformed input. | |||
| CVE-2015-0540 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the xAdmin interface in EMC Document Sciences xPression 4.2 before P44 and 4.5 SP1 before P03 allows remote authenticated users to execute arbitrary SQL commands via un… | |||
| CVE-2015-0161 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to execute arbitrary SQL commands v… | |||
| CVE-2015-0750 | medium | — | 6.5 | 11y ago | The administrative web interface in Cisco Hosted Collaboration Solution (HCS) 10.6(1) and earlier allows remote authenticated users to execute arbitrary commands via crafted input to unspecified fiel… | |||
| CVE-2015-0916 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows remote authenticated users to execute arbitrary SQL commands via the local_graph_id parameter, a different vulnerability than CV… | |||
| CVE-2015-0715 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the administrative web interface in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via unspe… | |||
| CVE-2015-0912 | medium | — | 6.5 | 11y ago | EasyCTF before 1.4 allows remote authenticated users to write executable content to files via unspecified vectors. | |||
| CVE-2015-3458 | medium | — | 6.5 | 11y ago | The fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 does not restrict the stream wrapper used in a templat… | |||
| CVE-2015-1399 | medium | — | 6.5 | 11y ago | PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Zend class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remo… | |||
| CVE-2015-1398 | medium | — | 6.5 | 11y ago | Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote authenticated users to include and execute certain PHP files v… | |||
| CVE-2015-1889 | medium | — | 6.5 | 11y ago | The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated users to bypass intended HDFS data-access restrictions via (1) a crafted CREATE HADOOP TABLE statem… | |||
| CVE-2015-3345 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the PHPlist Integration Module before 6.x-1.7 for Drupal allows remote administrators to execute arbitrary SQL commands via unspecified vectors, related to the "phpList… | |||
| CVE-2015-2570 | medium | — | 6.5 | 11y ago | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2 allows remote authenticated users to affect confidentiality, inte… | |||
| CVE-2015-1822 | medium | — | 6.5 | 11y ago | chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies to command requests, which allows remote authenticated users to cause a denial of service (uninitia… | |||
| CVE-2015-1821 | medium | — | 6.5 | 11y ago | Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) … | |||
| CVE-2015-0951 | medium | — | 6.5 | 11y ago | X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request. | |||
| CVE-2015-0684 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the Image Management component in Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary SQL commands via unspecified… | |||
| CVE-2015-0682 | medium | — | 6.5 | 11y ago | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to execute arbitrary code by visiting a "deprecated page," aka Bug ID CSCup90168. | |||
| CVE-2015-2821 | medium | — | 6.5 | 11y ago | TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote editors to access, create, and modify content nodes in the workspace of other editors via unspecified vectors. | |||
| CVE-2015-2815 | medium | — | 6.5 | 11y ago | Buffer overflow in the C_SAPGPARAM function in the NetWeaver Dispatcher in SAP KERNEL 7.00 (7000.52.12.34966) and 7.40 (7400.12.21.30308) allows remote authenticated users to cause a denial of servic… | |||
| CVE-2015-2172 | medium | — | 6.5 | 11y ago | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via … | |||
| CVE-2015-2758 | medium | — | 6.5 | 11y ago | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to obtain sensitive information, modify the database, or po… | |||
| CVE-2015-0934 | medium | — | 6.5 | 11y ago | Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ShareLaTeX before 0.1.3, allows remote authenticated users to execute arbitrary code via ` (backtick) characters in a filename. | |||
| CVE-2015-2194 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the fusion_options function in functions.php in the Fusion theme 3.1 for WordPress allows remote authenticated users to execute arbitrary code by uploading a… | |||
| CVE-2015-2087 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in the Avatar Uploader module before 6.x-1.3 for Drupal allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension… | |||
| CVE-2015-2035 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the administrative backend in Piwigo before 2.7.4 allows remote administrators to execute arbitrary SQL commands via the user parameter in the history page to admin.php. | |||
| CVE-2015-1604 | medium | — | 6.5 | 11y ago | Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exten… | |||
| CVE-2015-1616 | medium | — | 6.5 | 11y ago | SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified … | |||
| CVE-2015-1434 | medium | — | 6.5 | 11y ago | Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category… | |||
| CVE-2015-0611 | medium | — | 6.5 | 12y ago | The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote aut… | |||
| CVE-2015-0580 | medium | — | 6.5 | 12y ago | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute ar… | |||
| CVE-2015-1393 | medium | — | 6.5 | 12y ago | SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create galle… | |||
| CVE-2015-1195 | medium | — | 6.5 | 12y ago | OpenStack Glance v2 API unrestricted path traversal through filesystem:// scheme | |||
| CVE-2015-0373 | medium | — | 6.5 | 12y ago | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, … | |||
| CVE-2015-0515 | medium | — | 6.5 | 12y ago | Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an… | |||
| CVE-2015-1029 | medium | — | 6.5 | 12y ago | The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 and earlier allows remote authenticated users to gain privileges or obtain sensitive information by … | |||
| CVE-2015-4072 | medium | 5.4 | 6.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and m… | |||
| CVE-2015-8780 | medium | 6.4 | 6.4 | 9y ago | Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. | |||
| CVE-2015-5399 | medium | 5.4 | 6.4 | 10y ago | Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | |||
| CVE-2015-8511 | medium | 6.4 | 6.4 | 11y ago | Race condition in the lockscreen feature in Mozilla Firefox OS before 2.5 allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors. | |||
| CVE-2015-8579 | medium | — | 6.4 | 11y ago | Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass th… | |||
| CVE-2015-8578 | medium | — | 6.4 | 11y ago | AVG Internet Security 2015 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses when protecting user-mode processes, which allows attackers to bypass the DEP and ASLR… | |||
| CVE-2015-8241 | medium | — | 6.4 | 11y ago | The xmlNextChar function in libxml2 2.9.2 does not properly check the state, which allows context-dependent attackers to cause a denial of service (heap-based buffer over-read and application crash) … | |||
| CVE-2015-8382 | medium | — | 6.4 | 11y ago | The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which… | |||
| CVE-2015-7286 | medium | — | 6.4 | 11y ago | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographi… | |||
| CVE-2015-5305 | medium | — | 6.4 | 11y ago | Directory traversal vulnerability in Kubernetes, as used in Red Hat OpenShift Enterprise 3.0, allows attackers to write to arbitrary files via a crafted object type name, which is not properly handle… | |||
| CVE-2015-5289 | medium | — | 6.4 | 11y ago | Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vecto… | |||
| CVE-2015-5288 | medium | — | 6.4 | 11y ago | The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, 9.1.x before 9.1.19, 9.2.x before 9.2.14, 9.3.x before 9.3.10, and 9.4.x before 9.4.5 allows attackers to cause a denial of service… | |||
| CVE-2015-1002 | medium | — | 6.4 | 11y ago | IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote attackers to write to or delete files via a crafted string. |