CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8953 | medium | 5.5 | 5.5 | 10y ago | fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an incorrect cleanup code path, which allows local users to cause a denial of service (dentry reference leak) via filesystem operations on… | |||
| CVE-2015-8952 | medium | 5.5 | 5.5 | 10y ago | The mbcache feature in the ext2 and ext4 filesystem implementations in the Linux kernel before 4.6 mishandles xattr block caching, which allows local users to cause a denial of service (soft lockup) … | |||
| CVE-2015-8950 | medium | 5.5 | 5.5 | 10y ago | arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used in the ION subsystem in Android and other products, does not initialize certain data structures, which allows local users to obta… | |||
| CVE-2015-8934 | medium | 5.5 | 5.5 | 10y ago | The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ra… | |||
| CVE-2015-8933 | medium | 5.5 | 5.5 | 10y ago | Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafte… | |||
| CVE-2015-8932 | medium | 5.5 | 5.5 | 10y ago | The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which trigg… | |||
| CVE-2015-8929 | medium | 5.5 | 5.5 | 10y ago | Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file. | |||
| CVE-2015-8928 | medium | 5.5 | 5.5 | 10y ago | The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | |||
| CVE-2015-8927 | medium | 5.5 | 5.5 | 10y ago | The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a cra… | |||
| CVE-2015-8926 | medium | 5.5 | 5.5 | 10y ago | The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive. | |||
| CVE-2015-8925 | medium | 5.5 | 5.5 | 10y ago | The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newlin… | |||
| CVE-2015-8924 | medium | 5.5 | 5.5 | 10y ago | The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafte… | |||
| CVE-2015-8922 | medium | 5.5 | 5.5 | 10y ago | The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7… | |||
| CVE-2015-8920 | medium | 5.5 | 5.5 | 10y ago | The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file. | |||
| CVE-2015-8915 | medium | 5.5 | 5.5 | 10y ago | bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file. | |||
| CVE-2015-8944 | medium | 5.5 | 5.5 | 10y ago | The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which … | |||
| CVE-2015-8808 | medium | 5.5 | 5.5 | 10y ago | The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. | |||
| CVE-2015-3192 | medium | 5.5 | 5.5 | 10y ago | Pivotal Spring Framework DoS Attack with XML Input | |||
| CVE-2015-8893 | medium | 5.5 | 5.5 | 10y ago | app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted a… | |||
| CVE-2015-5231 | medium | 5.5 | 5.5 | 10y ago | The service daemon in CRIU does not properly restrict access to non-dumpable processes, which allows local users to obtain sensitive information via (1) process dumps or (2) ptrace access. | |||
| CVE-2015-8558 | medium | 5.5 | 5.5 | 10y ago | The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via a circular isochronous transfer de… | |||
| CVE-2015-4178 | medium | 5.5 | 5.5 | 10y ago | The fs_pin implementation in the Linux kernel before 4.0.5 does not ensure the internal consistency of a certain list data structure, which allows local users to cause a denial of service (system cra… | |||
| CVE-2015-4177 | medium | 5.5 | 5.5 | 10y ago | The collect_mounts function in fs/namespace.c in the Linux kernel before 4.0.5 does not properly consider that it may execute after a path has been unmounted, which allows local users to cause a deni… | |||
| CVE-2015-4176 | medium | 5.5 | 5.5 | 10y ago | fs/namespace.c in the Linux kernel before 4.0.2 does not properly support mount connectivity, which allows local users to read arbitrary files by leveraging user-namespace root access for deletion of… | |||
| CVE-2015-2672 | medium | 5.5 | 5.5 | 10y ago | The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the Linux kernel before 3.19.2 creates certain .altinstr_replacement pointers and consequently does not provide any protection again… | |||
| CVE-2015-1573 | medium | 5.5 | 5.5 | 10y ago | The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mishandles the interaction between cross-chain jumps and ruleset flushes, which allows local users to c… | |||
| CVE-2015-1350 | medium | 5.5 | 5.5 | 10y ago | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allows local users to cau… | |||
| CVE-2015-8845 | medium | 5.5 | 5.5 | 10y ago | The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim c… | |||
| CVE-2015-8844 | medium | 5.5 | 5.5 | 10y ago | The signal implementation in the Linux kernel before 4.3.5 on powerpc platforms does not check for an MSR with both the S and T bits set, which allows local users to cause a denial of service (TM Bad… | |||
| CVE-2015-7802 | medium | 5.5 | 5.5 | 10y ago | gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote attackers to cause a denial of service (uninitialized memory read) via a crafted GIF file. | |||
| CVE-2015-8683 | medium | 5.5 | 5.5 | 10y ago | The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via a packed TIFF image. | |||
| CVE-2015-8665 | medium | 5.5 | 5.5 | 10y ago | tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a denial of service (out-of-bounds read) via the SamplesPerPixel tag in a TIFF image. | |||
| CVE-2015-7555 | medium | 5.5 | 5.5 | 10y ago | Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allows attackers to cause a denial of service (program crash) via crafted image and logical screen width fields in a GIF file. | |||
| CVE-2015-5158 | medium | 5.5 | 5.5 | 10y ago | Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built with SCSI-device emulation support, allows guest OS users with CAP_SYS_RAWIO permissions to cause a denial of service (instance c… | |||
| CVE-2015-8679 | medium | 5.5 | 5.5 | 10y ago | The Maxim_smartpa_dev driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230,… | |||
| CVE-2015-8305 | medium | 5.5 | 5.5 | 10y ago | Huawei Sophia-L10 smartphones with software before P7-L10C900B852 allow attackers to cause a denial of service (system panic) via a crafted application with the system or camera privilege. | |||
| CVE-2015-7550 | medium | 5.5 | 5.5 | 11y ago | The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows local users to cause a denial of service (NULL pointer derefere… | |||
| CVE-2015-8777 | medium | 5.5 | 5.5 | 11y ago | The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTE… | |||
| CVE-2015-8337 | medium | 5.5 | 5.5 | 11y ago | The HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B220SP01, GRA-CL00 before GRA-CL00C92B220, GRA-CL10 before GRA-CL10C92B220, GRA-UL00 before GRA-UL00C00B220, GRA-UL10 befo… | |||
| CVE-2015-8226 | medium | 5.5 | 5.5 | 11y ago | The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100… | |||
| CVE-2015-8225 | medium | 5.5 | 5.5 | 11y ago | The Joint Photographic Experts Group Processing Unit (JPU) driver in Huawei ALE smartphones with software before ALE-UL00C00B220 and ALE-TL00C01B220 and GEM-703L smartphones with software before V100… | |||
| CVE-2015-8742 | medium | 5.5 | 5.5 | 11y ago | The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark 2.0.x before 2.0.1 does not validate the column size, which allows remote attackers to cause… | |||
| CVE-2015-8741 | medium | 5.5 | 5.5 | 11y ago | The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI dissector in Wireshark 2.0.x before 2.0.1 does not initialize a packet-header data structure, which allows remote attackers to caus… | |||
| CVE-2015-8738 | medium | 5.5 | 5.5 | 11y ago | The s7comm_decode_ud_cpu_szl_subfunc function in epan/dissectors/packet-s7comm_szl_ids.c in the S7COMM dissector in Wireshark 2.0.x before 2.0.1 does not validate the list count in an SZL response, w… | |||
| CVE-2015-8737 | medium | 5.5 | 5.5 | 11y ago | The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in Wireshark 2.0.x before 2.0.1 does not validate the bit rate, which allows remote attackers to cause a denial of service (divide-by-… | |||
| CVE-2015-8734 | medium | 5.5 | 5.5 | 11y ago | The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP dissector in Wireshark 2.0.x before 2.0.1 mishandles the packet type, which allows remote attackers to cause a denial of service (a… | |||
| CVE-2015-8722 | medium | 5.5 | 5.5 | 11y ago | epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate the frame pointer, which allows remote attackers to cause a denial of se… | |||
| CVE-2015-8721 | medium | 5.5 | 5.5 | 11y ago | Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 allows remote attackers to cause a denial of service (application crash) … | |||
| CVE-2015-8720 | medium | 5.5 | 5.5 | 11y ago | The dissect_ber_GeneralizedTime function in epan/dissectors/packet-ber.c in the BER dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 improperly checks an sscanf return value, which … | |||
| CVE-2015-8719 | medium | 5.5 | 5.5 | 11y ago | The dissect_dns_answer function in epan/dissectors/packet-dns.c in the DNS dissector in Wireshark 1.12.x before 1.12.9 mishandles the EDNS0 Client Subnet option, which allows remote attackers to caus… | |||
| CVE-2015-8718 | medium | 5.5 | 5.5 | 11y ago | Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1, when the "Match MSG/RES packets for async NLM" option is enabl… | |||
| CVE-2015-8717 | medium | 5.5 | 5.5 | 11y ago | The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP dissector in Wireshark 1.12.x before 1.12.9 does not prevent use of a negative media count, which allows remote attackers to cause … | |||
| CVE-2015-8716 | medium | 5.5 | 5.5 | 11y ago | The init_t38_info_conv function in epan/dissectors/packet-t38.c in the T.38 dissector in Wireshark 1.12.x before 1.12.9 does not ensure that a conversation exists, which allows remote attackers to ca… | |||
| CVE-2015-8715 | medium | 5.5 | 5.5 | 11y ago | epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark 1.12.x before 1.12.9 does not check for empty arguments, which allows remote attackers to cause a denial of service (infinite lo… | |||
| CVE-2015-8714 | medium | 5.5 | 5.5 | 11y ago | The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in the DCOM dissector in Wireshark 1.12.x before 1.12.9 does not initialize a certain IPv4 data structure, which allows remote attack… | |||
| CVE-2015-8713 | medium | 5.5 | 5.5 | 11y ago | epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not properly reserve memory for channel ID mappings, which allows remote attackers to cause a denial o… | |||
| CVE-2015-8712 | medium | 5.5 | 5.5 | 11y ago | The dissect_hsdsch_channel_info function in epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.9 does not validate the number of PDUs, which allows remote attac… | |||
| CVE-2015-8711 | medium | 5.5 | 5.5 | 11y ago | epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x before 2.0.1 does not validate conversation data, which allows remote attackers to cause a denial of se… | |||
| CVE-2015-3182 | medium | 5.5 | 5.5 | 11y ago | epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in Wireshark 1.10.12 through 1.10.14 mishandles a certain strdup return value, which allows remote attackers to cause a denial of ser… | |||
| CVE-2015-7437 | medium | 5.5 | 5.5 | 11y ago | Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5301 | medium | — | 5.5 | 11y ago | Ipsilon denial of service by deleting a SAML2 Service Provider (SP) | |||
| CVE-2015-5019 | medium | — | 5.5 | 11y ago | IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement. | |||
| CVE-2015-5021 | medium | — | 5.5 | 11y ago | IBM InfoSphere Information Server 11.3 and 11.5 allows remote authenticated DataStage users to bypass intended job-execution restrictions or obtain sensitive information via unspecified vectors. | |||
| CVE-2015-1775 | medium | — | 5.5 | 11y ago | Apache Ambari SSRF Vulnerability | |||
| CVE-2015-5251 | medium | — | 5.5 | 11y ago | OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions | |||
| CVE-2015-4857 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the RDBMS component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2015-4850 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors re… | |||
| CVE-2015-4818 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors r… | |||
| CVE-2015-6470 | medium | — | 5.5 | 11y ago | Resource Data Management Data Manager before 2.2 allows remote authenticated users to modify arbitrary passwords via unspecified vectors. | |||
| CVE-2015-2873 | medium | — | 5.5 | 11y ago | Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x before 3.7.1248, 3.8.x before 3.8.1263, and other versions a… | |||
| CVE-2015-4319 | medium | — | 5.5 | 11y ago | The password-change feature in the administrative web interface in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 improperly performs authorization, which allows remote authent… | |||
| CVE-2015-4316 | medium | — | 5.5 | 11y ago | The Mobile and Remote Access (MRA) endpoint-validation feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly validates the phone line used for registration, whic… | |||
| CVE-2015-4315 | medium | — | 5.5 | 11y ago | The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.3 improperly validates external DTDs, which allows remote authenticated users to read arbitra… | |||
| CVE-2015-4322 | medium | — | 5.5 | 11y ago | Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users t… | |||
| CVE-2015-4299 | medium | — | 5.5 | 11y ago | Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly performs authorization, which allows remote authenticated users to remove default messaging-queue system folders via unspecified vec… | |||
| CVE-2015-1490 | medium | — | 5.5 | 11y ago | Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via a rel… | |||
| CVE-2015-2971 | medium | — | 5.5 | 11y ago | Directory traversal vulnerability in Seeds acmailer before 3.8.18 and 3.9.x before 3.9.12 Beta allows remote authenticated users to delete arbitrary files via a crafted string. | |||
| CVE-2015-2655 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.3.00.08 allows remote authenticated users to affect confidentiality and integrity via unknown vecto… | |||
| CVE-2015-2647 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1; EM Plugin for DB 12.1.0.5, 12.1.0.6, 12.1.0.7; a… | |||
| CVE-2015-1926 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle Applications Framework component in Oracle E-Business Suite 12… | |||
| CVE-2015-4182 | medium | — | 5.5 | 11y ago | The administrative web interface in Cisco Identity Services Engine (ISE) before 1.3 allows remote authenticated users to bypass intended access restrictions, and obtain sensitive information or chang… | |||
| CVE-2015-0773 | medium | — | 5.5 | 11y ago | Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSC… | |||
| CVE-2015-0180 | medium | — | 5.5 | 11y ago | The Connector Migration Tool in IBM InfoSphere Information Server 8.1 through 11.3 allows remote authenticated users to bypass intended restrictions on job creation and modification via unspecified v… | |||
| CVE-2015-0171 | medium | — | 5.5 | 11y ago | Directory traversal vulnerability in IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to write to arbitrary files v… | |||
| CVE-2015-0175 | medium | — | 5.5 | 11y ago | IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vec… | |||
| CVE-2015-1856 | medium | — | 5.5 | 11y ago | OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authenticated users to delete the latest version of an object by leveraging listing access to the x-vers… | |||
| CVE-2015-0476 | medium | — | 5.5 | 11y ago | Unspecified vulnerability in the SQL Trace Analyzer component in Oracle Support Tools before 12.1.11 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||
| CVE-2015-3028 | medium | — | 5.5 | 11y ago | McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to bypass intended restrictions and change or update configuration settings via crafted parameters. | |||
| CVE-2015-0149 | medium | — | 5.5 | 11y ago | The developer portal in IBM API Management 3.0 before 3.0.4.1 does not properly restrict access to the public and private APIs, which allows remote authenticated users to obtain sensitive information… | |||
| CVE-2015-8310 | medium | 5.4 | 5.4 | 4y ago | Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist. | |||
| CVE-2015-7878 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Taxonomy Find module 6.x-2.x through 6.x-1.2 and 7.x-2.x through 7.x-1.0 in Drupal allows remote authenticated users with certain permissions to inject… | |||
| CVE-2015-5379 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email atta… | |||
| CVE-2015-6521 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | |||
| CVE-2015-5613 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in October CMS build 271 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors involving a file title, a different vulnerabil… | |||
| CVE-2015-8375 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. | |||
| CVE-2015-5181 | medium | 5.4 | 5.4 | 9y ago | The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript. | |||
| CVE-2015-1864 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) l… | |||
| CVE-2015-7879 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x before 7.x-1.3 for Drupal allows remote authenticated users with permission to create or edit a stickynote to inject arbitrary we… | |||
| CVE-2015-7672 | medium | 5.4 | 5.4 | 9y ago | Centreon Cross-site Scripting Vulnerability | |||
| CVE-2015-3162 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a craf… |