CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | | | |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2068 | medium | — | 5.3 | 11y ago | MAGMI cross-site scripting (XSS) | |||
| CVE-2015-1494 | medium | — | 5.3 | 11y ago | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter i… | |||
| CVE-2015-1575 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; t… | |||
| CVE-2015-0072 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors invol… | |||
| CVE-2015-1478 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the view parameter to /classifi… | |||
| CVE-2015-1422 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) ja… | |||
| CVE-2015-1373 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter in a search reques… | |||
| CVE-2015-1368 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to cred… | |||
| CVE-2015-1366 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user … | |||
| CVE-2015-1058 | medium | — | 5.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add… | |||
| CVE-2015-1057 | medium | — | 5.3 | 12y ago | Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value. | |||
| CVE-2015-1865 | medium | 5.1 | 5.1 | 9y ago | fts.c in coreutils 8.4 allows local users to delete arbitrary files. | |||
| CVE-2015-8945 | medium | 5.1 | 5.1 | 10y ago | openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores router credentials as envvars in the pod when the --credentials option is used, which allows local users to obtain sensitive pri… | |||
| CVE-2015-8839 | medium | 5.1 | 5.1 | 10y ago | Multiple race conditions in the ext4 filesystem implementation in the Linux kernel before 4.5 allow local users to cause a denial of service (disk corruption) by writing to a page that is associated … | |||
| CVE-2015-7502 | medium | 5.1 | 5.1 | 10y ago | Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms 4.0 Management Engine (CFME) 5.5.0 do not properly encrypt data in the backend PostgreSQL database, which might allow local users … | |||
| CVE-2015-4996 | medium | 5.1 | 5.1 | 11y ago | IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x before 8.0.1.10 allows local users to spoof database servers and discover credentials via unspecified vectors. | |||
| CVE-2015-6613 | medium | — | 5.1 | 11y ago | Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows attackers to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated … | |||
| CVE-2015-5665 | medium | — | 5.1 | 11y ago | Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.3 allows remote attackers to hijack the authentication of arbitrary users for requests that write to PHP scripts,… | |||
| CVE-2015-7298 | medium | — | 5.1 | 11y ago | ownCloud Desktop Client before 2.0.1, when compiled with a Qt release after 5.3.x, does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which makes it easier for remote… | |||
| CVE-2015-4507 | medium | — | 5.1 | 11y ago | The SavedStacks class in the JavaScript implementation in Mozilla Firefox before 41.0, when the Debugger API is enabled, allows remote attackers to cause a denial of service (getSlotRef assertion fai… | |||
| CVE-2015-7233 | medium | — | 5.1 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Import module is enabled, allows remote attackers to hijack the authentication of adm… | |||
| CVE-2015-5508 | medium | — | 5.1 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the XC NCIP Provider module in the eXtensible Catalog (XC) Drupal Toolkit allows remote attackers to hijack the authentication of users with the "ad… | |||
| CVE-2015-4396 | medium | — | 5.1 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Keyword Research module 6.x-1.x before 6.x-1.2 for Drupal allow remote attackers to hijack the authentication of users with the "kwre… | |||
| CVE-2015-1743 | medium | — | 5.1 | 11y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability tha… | |||
| CVE-2015-0259 | medium | — | 5.1 | 11y ago | OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authenticati… | |||
| CVE-2015-0813 | medium | — | 5.1 | 11y ago | Use-after-free vulnerability in the AppendElements function in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 on Linux, when the Fluendo MP3 plugin for GStream… | |||
| CVE-2015-3982 | medium | — | 5.0 | 4y ago | The session.flush function in the cached_db backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the … | |||
| CVE-2015-8213 | medium | — | 5.0 | 4y ago | The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via … | |||
| CVE-2015-0219 | medium | — | 5.0 | 4y ago | Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 allows remote attackers to spoof WSGI headers by using an _ (underscore) character instead of a - (dash) character in an HTTP header,… | |||
| CVE-2015-0222 | medium | — | 5.0 | 4y ago | ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x before 1.7.3, when show_hidden_initial is set to True, allows remote attackers to cause a denial of service by submitting duplicate va… | |||
| CVE-2015-7713 | medium | — | 5.0 | 4y ago | OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by lever… | |||
| CVE-2015-2253 | medium | 5.0 | 5.0 | 9y ago | The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document. | |||
| CVE-2015-7499 | medium | — | 5.0 | 11y ago | Heap-based buffer overflow in nokogiri | |||
| CVE-2015-8615 | medium | 5.0 | 5.0 | 11y ago | The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 does not limit the number of printk console messages when logging the new callback method, which allows local HVM guest OS users to … | |||
| CVE-2015-6645 | medium | 5.0 | 5.0 | 11y ago | SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | |||
| CVE-2015-2007 | medium | 5.0 | 5.0 | 11y ago | Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.5 Patch 6 allows remote authenticated users to read arbitrary files via a crafted URL. | |||
| CVE-2015-7756 | medium | — | 5.0 | 11y ago | The encryption implementation in Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, 6.3.0r13 before 6.3.0r13b, 6.3.0r14 before 6.3.0r14b, 6.3.0r15 before 6.3.0r15b, 6.3.0r16 befor… | |||
| CVE-2015-6429 | medium | — | 5.0 | 11y ago | The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 through 3.17 allows remote attackers to cause a denial of service (IPsec connection termination) via a crafted IKEv1 packet to a… | |||
| CVE-2015-6428 | medium | — | 5.0 | 11y ago | Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to obtain sensitive information via a crafted HTTP request, aka Bug ID CSCuv03958. | |||
| CVE-2015-6427 | medium | — | 5.0 | 11y ago | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detection feature and avoid triggering Snort IDS rules via an SSL session that is mishandled after decryption, aka … | |||
| CVE-2015-8601 | medium | — | 5.0 | 11y ago | The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restr… | |||
| CVE-2015-8476 | medium | — | 5.0 | 11y ago | SMTP Injection in PHPMailer | |||
| CVE-2015-8000 | medium | — | 5.0 | 11y ago | db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attrib… | |||
| CVE-2015-6425 | medium | — | 5.0 | 11y ago | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session … | |||
| CVE-2015-7219 | medium | — | 5.0 | 11y ago | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise … | |||
| CVE-2015-7218 | medium | — | 5.0 | 11y ago | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header fra… | |||
| CVE-2015-7215 | medium | — | 5.0 | 11y ago | The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the f… | |||
| CVE-2015-7214 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. | |||
| CVE-2015-7211 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | |||
| CVE-2015-7208 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | |||
| CVE-2015-7207 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform… | |||
| CVE-2015-8317 | medium | — | 5.0 | 11y ago | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declar… | |||
| CVE-2015-7500 | medium | — | 5.0 | 11y ago | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect en… | |||
| CVE-2015-7498 | medium | — | 5.0 | 11y ago | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extra… | |||
| CVE-2015-7497 | medium | — | 5.0 | 11y ago | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2015-6411 | medium | — | 5.0 | 11y ago | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by… | |||
| CVE-2015-7081 | medium | — | 5.0 | 11y ago | iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity r… | |||
| CVE-2015-7056 | medium | — | 5.0 | 11y ago | IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a fil… | |||
| CVE-2015-7045 | medium | — | 5.0 | 11y ago | Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. | |||
| CVE-2015-7037 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2015-6135 | medium | — | 5.0 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from p… | |||
| CVE-2015-6632 | medium | — | 5.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unkno… | |||
| CVE-2015-6631 | medium | — | 5.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unkno… | |||
| CVE-2015-6629 | medium | — | 5.0 | 11y ago | Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug… | |||
| CVE-2015-6628 | medium | — | 5.0 | 11y ago | Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vec… | |||
| CVE-2015-6626 | medium | — | 5.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unkno… | |||
| CVE-2015-6622 | medium | — | 5.0 | 11y ago | The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, v… | |||
| CVE-2015-4334 | medium | — | 5.0 | 11y ago | The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when u… | |||
| CVE-2015-5302 | medium | — | 5.0 | 11y ago | libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1)… | |||
| CVE-2015-1794 | medium | — | 5.0 | 11y ago | The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-He… | |||
| CVE-2015-6388 | medium | — | 5.0 | 11y ago | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. | |||
| CVE-2015-6386 | medium | — | 5.0 | 11y ago | The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions… | |||
| CVE-2015-6382 | medium | — | 5.0 | 11y ago | Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. | |||
| CVE-2015-5324 | medium | — | 5.0 | 11y ago | Jenkins allows Unauthorized Viewing of Queue API Information | |||
| CVE-2015-5322 | medium | — | 5.0 | 11y ago | Jenkins has Local File Inclusion Vulnerability | |||
| CVE-2015-5321 | medium | — | 5.0 | 11y ago | Jenkins has Information Disclosure via Sidepanel Widget | |||
| CVE-2015-5320 | medium | — | 5.0 | 11y ago | Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2015-5319 | medium | — | 5.0 | 11y ago | Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI | |||
| CVE-2015-8329 | medium | — | 5.0 | 11y ago | SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecifie… | |||
| CVE-2015-7981 | medium | — | 5.0 | 11y ago | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via cra… | |||
| CVE-2015-8320 | medium | — | 5.0 | 11y ago | Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. | |||
| CVE-2015-8087 | medium | — | 5.0 | 11y ago | Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to othe… | |||
| CVE-2015-7845 | medium | — | 5.0 | 11y ago | The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cau… | |||
| CVE-2015-6368 | medium | — | 5.0 | 11y ago | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | |||
| CVE-2015-8023 | medium | — | 5.0 | 11y ago | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers t… | |||
| CVE-2015-7998 | medium | — | 5.0 | 11y ago | The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler … | |||
| CVE-2015-7996 | medium | — | 5.0 | 11y ago | The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service … | |||
| CVE-2015-7995 | medium | — | 5.0 | 11y ago | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to… | |||
| CVE-2015-5311 | medium | — | 5.0 | 11y ago | PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. | |||
| CVE-2015-5276 | medium | — | 5.0 | 11y ago | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent… | |||
| CVE-2015-0272 | medium | — | 5.0 | 11y ago | GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability tha… | |||
| CVE-2015-8215 | medium | — | 5.0 | 11y ago | net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packe… | |||
| CVE-2015-7427 | medium | — | 5.0 | 11y ago | IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspe… | |||
| CVE-2015-6364 | medium | — | 5.0 | 11y ago | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka … | |||
| CVE-2015-6366 | medium | — | 5.0 | 11y ago | Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circums… | |||
| CVE-2015-7819 | medium | — | 5.0 | 11y ago | The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a… | |||
| CVE-2015-7991 | medium | — | 5.0 | 11y ago | The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vector… | |||
| CVE-2015-8005 | medium | — | 5.0 | 11y ago | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading… | |||
| CVE-2015-8095 | medium | — | 5.0 | 11y ago | The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an … | |||
| CVE-2015-8041 | medium | — | 5.0 | 11y ago | Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a lar… |