CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7285 | medium | — | 5.8 | 11y ago | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do not require authentication from Alarm Receiving Center (ARC) servers, which allows man-in-the-middle attackers to bypass intended … | |||
| CVE-2015-6112 | medium | — | 5.8 | 11y ago | SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required ext… | |||
| CVE-2015-5655 | medium | — | 5.8 | 11y ago | The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a c… | |||
| CVE-2015-6614 | medium | — | 5.8 | 11y ago | Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain privileges, and consequently bypass intended network-interface restrictions, perform expensive data transfers, or cause a denial … | |||
| CVE-2015-5210 | medium | — | 5.8 | 11y ago | Apache Ambari Open Redirect | |||
| CVE-2015-7023 | medium | — | 5.8 | 11y ago | CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite coo… | |||
| CVE-2015-4871 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u85 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | |||
| CVE-2015-4859 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect confidentiality and integ… | |||
| CVE-2015-7823 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS 8.2 through 8.2.41 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th… | |||
| CVE-2015-6463 | medium | — | 5.8 | 11y ago | CodeWrights HART Comm DTM components, as used with Endress+Hauser FieldCare, allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU … | |||
| CVE-2015-6012 | medium | — | 5.8 | 11y ago | Multiple open redirect vulnerabilities in Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allow remote attackers to redirect users to arbitrary web sites and co… | |||
| CVE-2015-6548 | medium | — | 5.8 | 11y ago | Multiple SQL injection vulnerabilities in a PHP script in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote authenticated users to … | |||
| CVE-2015-6932 | medium | — | 5.8 | 11y ago | VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify X.509 certificates from TLS LDAP servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat… | |||
| CVE-2015-0943 | medium | — | 5.8 | 11y ago | Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt communication between the client and the backend server, which allows man-in-the-middle attackers to obtain encryption keys, user cred… | |||
| CVE-2015-5717 | medium | — | 5.8 | 11y ago | The Siemens COMPAS Mobile application before 1.6 for Android does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensiti… | |||
| CVE-2015-2014 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the web server in IBM Domino 8.5 before 8.5.3 FP6 IF9 and 9.0 before 9.0.1 FP4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing att… | |||
| CVE-2015-4297 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted HTTP reque… | |||
| CVE-2015-5510 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Content Construction Kit (CCK) 6.x-2.x before 6.x-2.10 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via … | |||
| CVE-2015-5503 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Chamilo integration module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspe… | |||
| CVE-2015-5770 | medium | — | 5.8 | 11y ago | MobileInstallation in Apple iOS before 8.4.1 does not ensure the uniqueness of universal provisioning profile bundle IDs, which allows attackers to replace arbitrary extensions via a crafted enterpri… | |||
| CVE-2015-5176 | medium | — | 5.8 | 11y ago | The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to r… | |||
| CVE-2015-3963 | medium | — | 5.8 | 11y ago | Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, 6.8.x before 6.8.3, 6.9.x before 6.9.4.4, and 7.x before 7 ipnet_coreip 1.2.2.0, as used on Schneider Electric SAGE RTU devices be… | |||
| CVE-2015-4529 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, Documentum Administrator before 7.2P01, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishers through 6.5SP7,… | |||
| CVE-2015-0543 | medium | — | 5.8 | 11y ago | EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain… | |||
| CVE-2015-5062 | medium | — | 5.8 | 11y ago | Silverstripe CMS Open Redirect | |||
| CVE-2015-2859 | medium | — | 5.8 | 11y ago | Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x through 5.1.2 does not validate server names and Certification Authority names in X.509 certificates from SSL servers, which allows m… | |||
| CVE-2015-3233 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2015-3232 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Field UI module in Drupal 7.x before 7.38 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination… | |||
| CVE-2015-4398 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Chaos tool suite (ctools) module before 6.x-1.12 and 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2015-4371 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Perfecto module before 7.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspecified … | |||
| CVE-2015-4363 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the finder_form_goto function in the Finder module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecif… | |||
| CVE-2015-4353 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via un… | |||
| CVE-2015-4352 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Spider Video Player module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete videos via… | |||
| CVE-2015-4349 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Spider Contacts module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete contact catego… | |||
| CVE-2015-2337 | medium | — | 5.8 | 11y ago | TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mode… | |||
| CVE-2015-2336 | medium | — | 5.8 | 11y ago | TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before 7.1.1, and VMware Horizon Client 3.2.x before 3.2.1, 3.3.x, and 5.x local-mod… | |||
| CVE-2015-2783 | medium | — | 5.8 | 11y ago | ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over… | |||
| CVE-2015-4094 | medium | — | 5.8 | 11y ago | The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s… | |||
| CVE-2015-3175 | medium | — | 5.8 | 11y ago | Moodle Arbitrary Redirect | |||
| CVE-2015-4134 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter. | |||
| CVE-2015-3922 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in mode.php in Coppermine Photo Gallery before 1.5.36 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the refere… | |||
| CVE-2015-2694 | medium | — | 5.8 | 11y ago | The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an int… | |||
| CVE-2015-3644 | medium | — | 5.8 | 11y ago | Stunnel 5.00 through 5.13, when using the redirect option, does not redirect client connections to the expected server after the initial connection, which allows remote attackers to bypass authentica… | |||
| CVE-2015-1863 | medium | — | 5.8 | 11y ago | Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information… | |||
| CVE-2015-0706 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in Cisco FireSIGHT System Software 5.3.1.1, 5.3.1.2, and 6.0.0 in FireSIGHT Management Center allows remote attackers to redirect users to arbitrary web sites and conduct … | |||
| CVE-2015-3393 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Commerce WeDeal module before 7.x-1.3 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified pa… | |||
| CVE-2015-3388 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Commerce Balanced Payments module for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete th… | |||
| CVE-2015-3383 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Node basket module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | |||
| CVE-2015-3382 | medium | — | 5.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Node basket module for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add or (2)… | |||
| CVE-2015-3380 | medium | — | 5.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Feature Set module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (… | |||
| CVE-2015-3375 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Shibboleth Authentication module before 6.x-4.1 and 7.x-4.x before 7.x-4.1 for Drupal allows remote attackers to hijack the authentication of ad… | |||
| CVE-2015-3374 | medium | — | 5.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Corner module for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) enable or (2) di… | |||
| CVE-2015-3371 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Node Invite module before 6.x-2.5 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination param… | |||
| CVE-2015-3366 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Alfresco module before 6.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that delete an al… | |||
| CVE-2015-3358 | medium | — | 5.8 | 11y ago | Multiple open redirect vulnerabilities in the Tadaa! module before 7.x-1.4 for Drupal allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a desti… | |||
| CVE-2015-3354 | medium | — | 5.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Wishlist module before 6.x-2.7 and 7.x-2.x before 7.x-2.7 for Drupal allows remote attackers to hijack the authentication of arbitrary users for… | |||
| CVE-2015-3342 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Ubercart Currency Conversion module before 6.x-1.2 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a UR… | |||
| CVE-2015-0480 | medium | — | 5.8 | 11y ago | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools. | |||
| CVE-2015-0906 | medium | — | 5.8 | 11y ago | Directory traversal vulnerability in Lhaplus before 1.70 allows remote attackers to write to arbitrary files via a crafted archive. | |||
| CVE-2015-0697 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the login page in Cisco TC Software before 6.3-26 and 7.x before 7.3.0 on Cisco TelePresence Collaboration Desk and Room Endpoints devices allows remote attackers to re… | |||
| CVE-2015-1638 | medium | — | 5.8 | 11y ago | Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by l… | |||
| CVE-2015-0557 | medium | — | 5.8 | 11y ago | Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multipl… | |||
| CVE-2015-0556 | medium | — | 5.8 | 11y ago | Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive. | |||
| CVE-2015-2167 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the 3PI Manager in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to redirect users to arbitrary web sites and conduct phish… | |||
| CVE-2015-1596 | medium | — | 5.8 | 11y ago | The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive in… | |||
| CVE-2015-2215 | medium | — | 5.8 | 11y ago | Open redirect vulnerability in the Services single sign-on server helper (services_sso_server_helper) module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct ph… | |||
| CVE-2015-0878 | medium | — | 5.8 | 11y ago | Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d allows remote attackers to write to arbitrary files via a crafted filename of an attachment. | |||
| CVE-2015-1042 | medium | — | 5.8 | 12y ago | The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an incorrect regular expression, which allows remote attackers to conduct open redirect and phishing at… | |||
| CVE-2015-0512 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in EMC Unisphere Central before 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter. | |||
| CVE-2015-1038 | medium | — | 5.8 | 12y ago | p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||
| CVE-2015-0406 | medium | — | 5.8 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. | |||
| CVE-2015-1051 | medium | — | 5.8 | 12y ago | Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing atta… | |||
| CVE-2015-6286 | medium | — | 5.7 | 11y ago | Cisco Application Visibility and Control (AVC) 15.3(3)JA, when FlexConnect is enabled, allows remote attackers to cause a denial of service (access-point outage) via a crafted UDP packet, aka Bug ID … | |||
| CVE-2015-4205 | medium | — | 5.7 | 11y ago | Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to cause a denial of service (NPU chip reset or line-card reload) by sending crafted IEEE 802.3x flow-control PAUSE frames on the local … | |||
| CVE-2015-0501 | medium | — | 5.7 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Compiling. | |||
| CVE-2015-0632 | medium | — | 5.7 | 11y ago | Race condition in the Neighbor Discovery (ND) protocol implementation in Cisco IOS and IOS XE allows remote attackers to cause a denial of service via a flood of Router Solicitation messages on the l… | |||
| CVE-2015-0060 | medium | — | 5.7 | 12y ago | The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Se… | |||
| CVE-2015-0578 | medium | — | 5.7 | 12y ago | Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay is configured, allows remote attackers to cause a denial of service (device reload) via crafted DHCP packets on the local network… | |||
| CVE-2015-7515 | medium | 4.6 | 5.6 | 10y ago | The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash… | |||
| CVE-2015-7566 | medium | 4.6 | 5.6 | 11y ago | The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system cras… | |||
| CVE-2015-1985 | medium | 5.6 | 5.6 | 11y ago | The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file. | |||
| CVE-2015-7020 | medium | — | 5.6 | 11y ago | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read… | |||
| CVE-2015-7019 | medium | — | 5.6 | 11y ago | The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X before 10.11.1 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read… | |||
| CVE-2015-1674 | medium | — | 5.6 | 11y ago | The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the … | |||
| CVE-2015-2572 | medium | — | 5.6 | 11y ago | Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, in… | |||
| CVE-2015-0095 | medium | — | 5.6 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-8011 | medium | — | 5.5 | — | Buffer overflow in the lldp_decode function in daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code vi… | |||
| CVE-2015-9253 | medium | — | 5.5 | — | denial of service in php-fpm | |||
| CVE-2015-8366 | medium | — | 5.5 | — | Array index error in smal_decode_segment function in LibRaw before 0.17.1 allows context-dependent attackers to cause memory errors and possibly execute arbitrary code via vectors related to indexes. | |||
| CVE-2015-9252 | medium | — | 5.5 | — | An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. | |||
| CVE-2015-8367 | medium | — | 5.5 | — | The phase_one_correct function in Libraw before 0.17.1 allows attackers to cause memory errors and possibly execute arbitrary code, related to memory object initialization. | |||
| CVE-2015-20107 | medium | — | 5.5 | 4y ago | RHSA-2022:7593: python27:2.7 security update (Moderate) | |||
| CVE-2015-9541 | medium | — | 5.5 | 6y ago | RHSA-2020:4690: qt5-qtbase and qt5-qtwebsockets security and bug fix update (Moderate) | |||
| CVE-2015-9251 | medium | — | 5.5 | 9y ago | RHSA-2020:4847: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update (Moderate) | |||
| CVE-2015-1206 | medium | 5.5 | 5.5 | 9y ago | Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of service (unpaged memory write and process crash) via a crafted MP4 file. | |||
| CVE-2015-1526 | medium | 5.5 | 5.5 | 9y ago | The media_server component in Android allows remote attackers to cause a denial of service via a crafted application. | |||
| CVE-2015-7837 | medium | 5.5 | 5.5 | 9y ago | The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot re… | |||
| CVE-2015-3211 | medium | 5.5 | 5.5 | 9y ago | php-fpm allows local users to write to or create arbitrary files via a symlink attack. | |||
| CVE-2015-3156 | medium | 5.5 | 5.5 | 9y ago | Openstack DBaaS (Trove) Improper Link Resolution Before File Access | |||
| CVE-2015-8621 | medium | 5.5 | 5.5 | 9y ago | t-coffee before 11.00.8cbe486-2 allows local users to write to ~/.t_coffee globally. |