CVEs from 2015
Total
7,323
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
17.8%
% with KEV
0.6%
% with exploit
0.8%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-8481 | low | 3.1 | 3.1 | 11y ago | Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup r… | |
| CVE-2015-6641 | low | 3.1 | 3.1 | 11y ago | Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | |
| CVE-2015-8801 | low | 2.9 | 2.9 | 10y ago | Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations befo… | |
| CVE-2015-4640 | low | — | 2.9 | 11y ago | The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attack… | |
| CVE-2015-3340 | low | — | 2.9 | 11y ago | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_g… | |
| CVE-2015-7494 | low | 2.8 | 2.8 | 9y ago | A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API … | |
| CVE-2015-4836 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |
| CVE-2015-2566 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |
| CVE-2015-0511 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |
| CVE-2015-2115 | low | — | 2.7 | 11y ago | Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information … | |
| CVE-2015-4961 | low | 2.6 | 2.6 | 10y ago | IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A b… | |
| CVE-2015-4926 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX. | |
| CVE-2015-8577 | low | — | 2.6 | 11y ago | The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platform… | |
| CVE-2015-7094 | low | — | 2.6 | 11y ago | CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. | |
| CVE-2015-7046 | low | — | 2.6 | 11y ago | The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the… | |
| CVE-2015-6627 | low | — | 2.6 | 11y ago | The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature o… | |
| CVE-2015-5281 | low | — | 2.6 | 11y ago | The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a … | |
| CVE-2015-8035 | low | — | 2.6 | 11y ago | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML da… | |
| CVE-2015-8233 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject … | |
| CVE-2015-7412 | low | — | 2.6 | 11y ago | The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext da… | |
| CVE-2015-5667 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a cr… | |
| CVE-2015-4456 | low | — | 2.6 | 11y ago | ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate dist… | |
| CVE-2015-4812 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | |
| CVE-2015-4508 | low | — | 2.6 | 11y ago | Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. | |
| CVE-2015-7304 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | |
| CVE-2015-5907 | low | — | 2.6 | 11y ago | WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | |
| CVE-2015-7232 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to i… | |
| CVE-2015-6921 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inje… | |
| CVE-2015-2987 | low | — | 2.6 | 11y ago | Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smal… | |
| CVE-2015-5514 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary w… | |
| CVE-2015-2476 | low | — | 2.6 | 11y ago | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL … | |
| CVE-2015-4744 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, … | |
| CVE-2015-2627 | low | — | 2.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation. | |
| CVE-2015-2625 | low | — | 2.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. | |
| CVE-2015-4388 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows… | |
| CVE-2015-4387 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy tha… | |
| CVE-2015-4346 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web … | |
| CVE-2015-4171 | low | — | 2.6 | 11y ago | strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication rest… | |
| CVE-2015-3455 | low | — | 2.6 | 11y ago | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.50… | |
| CVE-2015-0504 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Er… | |
| CVE-2015-1648 | low | — | 2.6 | 11y ago | ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-… | |
| CVE-2015-1787 | low | — | 2.6 | 11y ago | The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to c… | |
| CVE-2015-0820 | low | — | 2.6 | 11y ago | Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sa… | |
| CVE-2015-2047 | low | — | 2.6 | 11y ago | The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authenti… | |
| CVE-2015-7473 | low | 2.5 | 2.5 | 10y ago | runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. | |
| CVE-2015-5313 | low | 2.5 | 2.5 | 10y ago | Directory traversal vulnerability in the virStorageBackendFileSystemVolCreate function in storage/storage_backend_fs.c in libvirt, when fine-grained Access Control Lists (ACL) are in effect, allows l… | |
| CVE-2015-7436 | low | 2.5 | 2.5 | 11y ago | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos… | |
| CVE-2015-7435 | low | 2.5 | 2.5 | 11y ago | IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, 2.1.1.2 before IF9, 3.1.0.0 through 3.1.2 as used in Cognos Business Intelligence before 10.2 IF16, and 3.1.2.1 as used in Cognos… | |
| CVE-2015-8569 | low | 2.3 | 2.3 | 11y ago | The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address length, which allows local users to obtain sensitive information … | |
| CVE-2015-7885 | low | 2.3 | 2.3 | 11y ago | The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive informa… | |
| CVE-2015-7884 | low | 2.3 | 2.3 | 11y ago | The vivid_fb_ioctl function in drivers/media/platform/vivid/vivid-osd.c in the Linux kernel through 4.3.3 does not initialize a certain structure member, which allows local users to obtain sensitive … | |
| CVE-2015-6556 | low | — | 2.3 | 11y ago | EACommunicatorSrv.exe in the Framework Service in the client in Symantec Endpoint Encryption (SEE) before 11.1.0 allows remote authenticated users to discover credentials by triggering a memory dump. | |
| CVE-2015-4053 | low | — | 2.1 | 4y ago | The admin command in ceph-deploy before 1.5.25 uses world-readable permissions for /etc/ceph/ceph.client.admin.keyring, which allows local users to obtain sensitive information by reading the file. | |
| CVE-2015-4922 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot. | |
| CVE-2015-4920 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Service. | |
| CVE-2015-6414 | low | — | 2.1 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protecti… | |
| CVE-2015-7080 | low | — | 2.1 | 11y ago | Siri in Apple iOS before 9.2 allows physically proximate attackers to bypass an intended client-side protection mechanism and obtain sensitive content-notification information by listening to a devic… | |
| CVE-2015-7067 | low | — | 2.1 | 11y ago | IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to cause a denial of service (NULL pointer dereference) via an unspecified userclient type. | |
| CVE-2015-8482 | low | — | 2.1 | 11y ago | Blue Coat Unified Agent before 4.6.2 does not prevent modification of its configuration files when running in local enforcement mode, which allows local administrators to unblock categories or disabl… | |
| CVE-2015-5006 | low | — | 2.1 | 11y ago | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR2, 7 R1 before SR3 FP20, 7 before SR9 FP20, 6 R1 before SR8 FP15, and 6 before SR16 FP15 allow physically proximate attacke… | |
| CVE-2015-6375 | low | — | 2.1 | 11y ago | The debug-logging (aka debug cns) feature in Cisco Networking Services (CNS) for IOS 15.2(2)E3 allows local users to obtain sensitive information by reading an unspecified file, aka Bug ID CSCux18010. | |
| CVE-2015-6847 | low | — | 2.1 | 11y ago | The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this… | |
| CVE-2015-7872 | low | — | 2.1 | 11y ago | The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands. | |
| CVE-2015-6113 | low | — | 2.1 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |
| CVE-2015-6109 | low | — | 2.1 | 11y ago | The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driv… | |
| CVE-2015-6102 | low | — | 2.1 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |
| CVE-2015-8025 | low | — | 2.1 | 11y ago | driver/subprocs.c in XScreenSaver before 5.34 does not properly perform an internal consistency check, which allows physically proximate attackers to bypass the lock screen by hot swapping monitors. | |
| CVE-2015-8100 | low | — | 2.1 | 11y ago | The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file. | |
| CVE-2015-5218 | low | — | 2.1 | 11y ago | Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before 2.27 allows local users to cause a denial of service (crash) via a crafted file, related to the page global variable. | |
| CVE-2015-4940 | low | — | 2.1 | 11y ago | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information… | |
| CVE-2015-1996 | low | — | 2.1 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS responses, which allows physically proximate attackers to obtain sensitive local-cache information … | |
| CVE-2015-7972 | low | — | 2.1 | 11y ago | The (1) libxl_set_memory_target function in tools/libxl/libxl.c and (2) libxl__build_post function in tools/libxl/libxl_dom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size whe… | |
| CVE-2015-7971 | low | — | 2.1 | 11y ago | Xen 3.2.x through 4.6.x does not limit the number of printk console messages when logging certain pmu and profiling hypercalls, which allows local guests to cause a denial of service via a sequence o… | |
| CVE-2015-7813 | low | — | 2.1 | 11y ago | Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk console messages when reporting unimplemented hypercalls, which allows local guests to cause a denial of service via a sequence of (1) … | |
| CVE-2015-3218 | low | — | 2.1 | 11y ago | The authentication_agent_new function in polkitbackend/polkitbackendinteractiveauthority.c in PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (NULL pointer derefer… | |
| CVE-2015-5448 | low | — | 2.1 | 11y ago | HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 before 9.50.11925 P3 allows local users to obtain sensitive information via unspecified vectors. | |
| CVE-2015-4981 | low | — | 2.1 | 11y ago | IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and 4.1.x before 4.1.1.2 and Spectrum Scale 4.1.1.x before 4.1.1.2 allow local users to obtain sensitive information from system memory v… | |
| CVE-2015-1005 | low | — | 2.1 | 11y ago | IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password storage, which allows context-dependent attackers to obtain sensitive information via unspecified vect… | |
| CVE-2015-6987 | low | — | 2.1 | 11y ago | The File Bookmark component in Apple OS X before 10.11.1 allows local users to cause a denial of service (application crash) via crafted bookmark metadata in a folder. | |
| CVE-2015-7000 | low | — | 2.1 | 11y ago | Notification Center in Apple iOS before 9.1 mishandles changes to "Show on Lock Screen" settings, which allows physically proximate attackers to obtain sensitive information by looking for a (1) Phon… | |
| CVE-2015-4910 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Memcached. | |
| CVE-2015-4865 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors … | |
| CVE-2015-4824 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Secu… | |
| CVE-2015-4813 | low | — | 2.1 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when using a Windows guest, allows local users … | |
| CVE-2015-4801 | low | — | 2.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality via unknown vectors related to Solaris Kernel Zones. | |
| CVE-2015-6252 | low | — | 2.1 | 11y ago | The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that trig… | |
| CVE-2015-5742 | low | — | 2.1 | 11y ago | VeeamVixProxy in Veeam Backup & Replication (B&R) before 8.0 update 3 stores local administrator credentials in log files with world-readable permissions, which allows local users to obtain sensitive… | |
| CVE-2015-7368 | low | — | 2.1 | 11y ago | Revive Adserver before 3.2.2 does not send the appropriate Cache-Control HTTP headers in responses for admin UI pages, which allows local users to obtain sensitive information via the web browser cac… | |
| CVE-2015-5923 | low | — | 2.1 | 11y ago | Apple iOS before 9.0.2 does not properly restrict the options available on the lock screen, which allows physically proximate attackers to read contact data or view photos via unspecified vectors. | |
| CVE-2015-5901 | low | — | 2.1 | 11y ago | The Secure Empty Trash feature in Finder in Apple OS X before 10.11 improperly deletes Trash files, which might allow local users to obtain sensitive information by reading storage media, as demonstr… | |
| CVE-2015-5893 | low | — | 2.1 | 11y ago | SMBClient in SMB in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |
| CVE-2015-5878 | low | — | 2.1 | 11y ago | Notes in Apple OS X before 10.11 misparses links, which allows local users to obtain sensitive information via unspecified vectors. | |
| CVE-2015-5875 | low | — | 2.1 | 11y ago | Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before 10.11 allows local users to inject arbitrary web script or HTML via crafted text. | |
| CVE-2015-5870 | low | — | 2.1 | 11y ago | The debugging interfaces in the kernel in Apple OS X before 10.11 allow local users to obtain sensitive memory-layout information via unspecified vectors. | |
| CVE-2015-5864 | low | — | 2.1 | 11y ago | IOAudioFamily in Apple OS X before 10.11 allows local users to obtain sensitive kernel memory-layout information via unspecified vectors. | |
| CVE-2015-5854 | low | — | 2.1 | 11y ago | The backup implementation in Time Machine in Apple OS X before 10.11 allows local users to obtain access to keychain items via unspecified vectors. | |
| CVE-2015-1015 | low | — | 2.1 | 11y ago | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 use a reversible format for password storage in object files on Compact Flash cards, which makes it… | |
| CVE-2015-0988 | low | — | 2.1 | 11y ago | Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a fi… | |
| CVE-2015-2027 | low | — | 2.1 | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 improperly performs logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an una… | |
| CVE-2015-1933 | low | — | 2.1 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX001 and 7.6.0 before 7.6.0.1 IFIX001… |