CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7437 | medium | 5.5 | 5.5 | 11y ago | Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5301 | medium | — | 5.5 | 11y ago | Ipsilon denial of service by deleting a SAML2 Service Provider (SP) | |||
| CVE-2015-5019 | medium | — | 5.5 | 11y ago | IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. | |||
| CVE-2015-5021 | medium | — | 5.5 | 11y ago | IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | |||
| CVE-2015-1775 | medium | — | 5.5 | 11y ago | Apache Ambari SSRF Vulnerability | |||
| CVE-2015-5251 | medium | — | 5.5 | 11y ago | OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions | |||
| CVE-2015-4857 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2015-4850 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors re… | |||
| CVE-2015-4818 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors r… | |||
| CVE-2015-6470 | medium | — | 5.5 | 11y ago | Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors. | |||
| CVE-2015-2873 | medium | — | 5.5 | 11y ago | Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions a… | |||
| CVE-2015-4319 | medium | — | 5.5 | 11y ago | The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authent… | |||
| CVE-2015-4316 | medium | — | 5.5 | 11y ago | The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, whic… | |||
| CVE-2015-4315 | medium | — | 5.5 | 11y ago | The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitra… | |||
| CVE-2015-4322 | medium | — | 5.5 | 11y ago | Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users t… | |||
| CVE-2015-4299 | medium | — | 5.5 | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vec… | |||
| CVE-2015-1490 | medium | — | 5.5 | 11y ago | Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a rel… | |||
| CVE-2015-2971 | medium | — | 5.5 | 11y ago | Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. | |||
| CVE-2015-2655 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vecto… | |||
| CVE-2015-2647 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1; EM Plugin for DB 12.1.0.5, 12.1.0.6, 12.1.0.7; a… | |||
| CVE-2015-1926 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12… | |||
| CVE-2015-4182 | medium | — | 5.5 | 11y ago | The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or chang… | |||
| CVE-2015-0773 | medium | — | 5.5 | 11y ago | Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSC… | |||
| CVE-2015-0180 | medium | — | 5.5 | 11y ago | The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified v… | |||
| CVE-2015-0171 | medium | — | 5.5 | 11y ago | Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files v… | |||
| CVE-2015-0175 | medium | — | 5.5 | 11y ago | IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vec… | |||
| CVE-2015-1856 | medium | — | 5.5 | 11y ago | OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-vers… | |||
| CVE-2015-0476 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2015-3028 | medium | — | 5.5 | 11y ago | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | |||
| CVE-2015-0149 | medium | — | 5.5 | 11y ago | The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information… | |||
| CVE-2015-8310 | medium | 5.4 | 5.4 | 4y ago | Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. | |||
| CVE-2015-7878 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject… | |||
| CVE-2015-5379 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email atta… | |||
| CVE-2015-6521 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | |||
| CVE-2015-5613 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerabil… | |||
| CVE-2015-8375 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | |||
| CVE-2015-5181 | medium | 5.4 | 5.4 | 9y ago | The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |||
| CVE-2015-1864 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) l… | |||
| CVE-2015-7879 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary we… | |||
| CVE-2015-7672 | medium | 5.4 | 5.4 | 9y ago | Centreon Cross-site Scripting Vulnerability | |||
| CVE-2015-3162 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a craf… | |||
| CVE-2015-3976 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | |||
| CVE-2015-3615 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involvin… | |||
| CVE-2015-9105 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrar… | |||
| CVE-2015-9104 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the a… | |||
| CVE-2015-9103 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or… | |||
| CVE-2015-9102 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML v… | |||
| CVE-2015-6959 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Vindula 1.9. | |||
| CVE-2015-2883 | medium | 5.4 | 5.4 | 9y ago | Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||
| CVE-2015-4673 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to uploa… | |||
| CVE-2015-8687 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2015-7363 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x be… | |||
| CVE-2015-7775 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-20… | |||
| CVE-2015-7989 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a diff… | |||
| CVE-2015-7676 | medium | 5.4 | 5.4 | 10y ago | Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uplo… | |||
| CVE-2015-0284 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the … | |||
| CVE-2015-2344 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7448 | medium | 5.4 | 5.4 | 10y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, … | |||
| CVE-2015-7491 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a… | |||
| CVE-2015-5336 | medium | 5.4 | 5.4 | 10y ago | Moodle multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2015-5269 | medium | 5.4 | 5.4 | 10y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-5264 | medium | 5.4 | 5.4 | 10y ago | Moodle allows attackers to enter additional answer attempts | |||
| CVE-2015-8486 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CV… | |||
| CVE-2015-8485 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-8484 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8… | |||
| CVE-2015-7492 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated… | |||
| CVE-2015-7398 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x b… | |||
| CVE-2015-4957 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2015-7536 | medium | 5.4 | 5.4 | 11y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2015-7417 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web… | |||
| CVE-2015-5295 | medium | 5.4 | 5.4 | 11y ago | The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory cons… | |||
| CVE-2015-5009 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authentica… | |||
| CVE-2015-7467 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authentica… | |||
| CVE-2015-7414 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4… | |||
| CVE-2015-8688 | medium | 5.4 | 5.4 | 11y ago | Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. | |||
| CVE-2015-3948 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-8603 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action t… | |||
| CVE-2015-8759 | medium | 5.4 | 5.4 | 11y ago | TYPO3 Cross-site Scripting vulnerability | |||
| CVE-2015-8758 | medium | 5.4 | 5.4 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web scr… | |||
| CVE-2015-8756 | medium | 5.4 | 5.4 | 11y ago | TYPO3 CMS indexed search Cross-site Scripting vulnerability | |||
| CVE-2015-8755 | medium | 5.4 | 5.4 | 11y ago | Typo3 XSS Vulnerability | |||
| CVE-2015-5447 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5037 | medium | 5.4 | 5.4 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentic… | |||
| CVE-2015-5036 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… | |||
| CVE-2015-5035 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… | |||
| CVE-2015-5023 | medium | 5.4 | 5.4 | 11y ago | SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5017 | medium | 5.4 | 5.4 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2… | |||
| CVE-2015-7396 | medium | 5.4 | 5.4 | 11y ago | The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Con… | |||
| CVE-2015-7451 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6… | |||
| CVE-2015-7402 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-7409 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field. | |||
| CVE-2015-7415 | medium | 5.4 | 5.4 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web sc… | |||
| CVE-2015-5049 | medium | 5.4 | 5.4 | 11y ago | SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecif… | |||
| CVE-2015-5296 | medium | 5.4 | 5.4 | 11y ago | Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unen… | |||
| CVE-2015-4228 | medium | — | 5.4 | 11y ago | Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999. | |||
| CVE-2015-4203 | medium | — | 5.4 | 11y ago | Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of … | |||
| CVE-2015-3610 | medium | — | 5.4 | 11y ago | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt… | |||
| CVE-2015-2789 | medium | — | 5.4 | 11y ago | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse p… | |||
| CVE-2015-1065 | medium | — | 5.4 | 11y ago | Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data str… | |||
| CVE-2015-1349 | medium | — | 5.4 | 11y ago | named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of servic… |