CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7940 | medium | — | 5.0 | 11y ago | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | |||
| CVE-2015-7295 | medium | — | 5.0 | 11y ago | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest net… | |||
| CVE-2015-5730 | medium | — | 5.0 | 11y ago | The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to con… | |||
| CVE-2015-2695 | medium | — | 5.0 | 11y ago | lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read … | |||
| CVE-2015-5015 | medium | — | 5.0 | 11y ago | IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. | |||
| CVE-2015-1999 | medium | — | 5.0 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs… | |||
| CVE-2015-1994 | medium | — | 5.0 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtai… | |||
| CVE-2015-1993 | medium | — | 5.0 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these… | |||
| CVE-2015-8081 | medium | — | 5.0 | 11y ago | The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. | |||
| CVE-2015-7763 | medium | — | 5.0 | 11y ago | rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attac… | |||
| CVE-2015-7762 | medium | — | 5.0 | 11y ago | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attacke… | |||
| CVE-2015-7770 | medium | — | 5.0 | 11y ago | Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. | |||
| CVE-2015-7197 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-conten… | |||
| CVE-2015-7195 | medium | — | 5.0 | 11y ago | The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive informat… | |||
| CVE-2015-7190 | medium | — | 5.0 | 11y ago | The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with … | |||
| CVE-2015-6355 | medium | — | 5.0 | 11y ago | The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug… | |||
| CVE-2015-6029 | medium | — | 5.0 | 11y ago | HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||
| CVE-2015-8074 | medium | — | 5.0 | 11y ago | mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs… | |||
| CVE-2015-6611 | medium | — | 5.0 | 11y ago | mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown … | |||
| CVE-2015-6343 | medium | — | 5.0 | 11y ago | The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | |||
| CVE-2015-6351 | medium | — | 5.0 | 11y ago | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header… | |||
| CVE-2015-7899 | medium | — | 5.0 | 11y ago | The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-7859 | medium | — | 5.0 | 11y ago | The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5955 | medium | — | 5.0 | 11y ago | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by read… | |||
| CVE-2015-5671 | medium | — | 5.0 | 11y ago | Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | |||
| CVE-2015-7873 | medium | — | 5.0 | 11y ago | The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | |||
| CVE-2015-5713 | medium | — | 5.0 | 11y ago | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform befor… | |||
| CVE-2015-3973 | medium | — | 5.0 | 11y ago | Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token v… | |||
| CVE-2015-3969 | medium | — | 5.0 | 11y ago | Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. | |||
| CVE-2015-5220 | medium | — | 5.0 | 11y ago | The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption)… | |||
| CVE-2015-6340 | medium | — | 5.0 | 11y ago | The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) … | |||
| CVE-2015-5223 | medium | — | 5.0 | 11y ago | OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | |||
| CVE-2015-6484 | medium | — | 5.0 | 11y ago | 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. | |||
| CVE-2015-6341 | medium | — | 5.0 | 11y ago | The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecifi… | |||
| CVE-2015-1003 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2015-7031 | medium | — | 5.0 | 11y ago | The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||
| CVE-2015-6999 | medium | — | 5.0 | 11y ago | The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | |||
| CVE-2015-4916 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-490… | |||
| CVE-2015-4911 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different v… | |||
| CVE-2015-4909 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF … | |||
| CVE-2015-4908 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-491… | |||
| CVE-2015-4906 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-490… | |||
| CVE-2015-4903 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to RMI. | |||
| CVE-2015-4896 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34, 4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP) en… | |||
| CVE-2015-4893 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different v… | |||
| CVE-2015-4884 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality… | |||
| CVE-2015-4882 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect availability via vectors related to CORBA. | |||
| CVE-2015-4875 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote attackers to affect availability via unknown … | |||
| CVE-2015-4872 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect integrity via unknown vectors related to Security. | |||
| CVE-2015-4870 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Parser. | |||
| CVE-2015-4848 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown v… | |||
| CVE-2015-4842 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | |||
| CVE-2015-4840 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||
| CVE-2015-4803 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different v… | |||
| CVE-2015-4734 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality via vectors related to JGSS. | |||
| CVE-2015-1829 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unkno… | |||
| CVE-2015-7822 | medium | — | 5.0 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter name to CMSModules/AdminControls/Pages/UIPage.… | |||
| CVE-2015-7863 | medium | — | 5.0 | 11y ago | The default configuration of Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 enables a remote Notify capability without the Extended No… | |||
| CVE-2015-7862 | medium | — | 5.0 | 11y ago | Persistent Accelerite Radia Client Automation (formerly HP Client Automation) 7.9 through 9.1 before 2015-02-19 improperly implements the Role Based Access Control feature, which might allow remote a… | |||
| CVE-2015-7750 | medium | — | 5.0 | 11y ago | The L2TP packet processing functionality in Juniper Netscreen and ScreenOS Firewall products with ScreenOS before 6.3.0r13-dnd1, 6.3.0r14 through 6.3.0r18 before 6.3.0r18-dnc1, and 6.3.0r19 allows re… | |||
| CVE-2015-7748 | medium | — | 5.0 | 11y ago | Juniper chassis with Trio (Trinity) chipset line cards and Junos OS 13.3 before 13.3R8, 14.1 before 14.1R6, 14.2 before 14.2R5, and 15.1 before 15.1R2 allow remote attackers to cause a denial of serv… | |||
| CVE-2015-6482 | medium | — | 5.0 | 11y ago | Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted request. | |||
| CVE-2015-6843 | medium | — | 5.0 | 11y ago | Reviewer in EMC SourceOne Email Supervisor before 7.2 does not properly limit attempts to authenticate, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||
| CVE-2015-6334 | medium | — | 5.0 | 11y ago | Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and 19.0.M0.61045 allow remote attackers to cause a denial of service (vpnmgr process restart) via a crafted header in a TACACS packet, aka … | |||
| CVE-2015-6759 | medium | — | 5.0 | 11y ago | The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is c… | |||
| CVE-2015-7628 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &… | |||
| CVE-2015-7624 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |||
| CVE-2015-6706 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |||
| CVE-2015-6705 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |||
| CVE-2015-6700 | medium | — | 5.0 | 11y ago | The setBackground function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Cont… | |||
| CVE-2015-6692 | medium | — | 5.0 | 11y ago | Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous befo… | |||
| CVE-2015-7371 | medium | — | 5.0 | 11y ago | Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, which allows remote attackers to run the Maintenance Priority Engine and possibly cause a denial of service (resource consumption… | |||
| CVE-2015-6057 | medium | — | 5.0 | 11y ago | Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability." | |||
| CVE-2015-6053 | medium | — | 5.0 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via crafted parameters in an ArrayBuffer.slice call, aka "Internet Explorer Information Disc… | |||
| CVE-2015-6332 | medium | — | 5.0 | 11y ago | Cisco Prime Infrastructure 2.2 allows remote attackers to cause a denial of service (daemon hang) by sending many SSL renegotiation requests, aka Bug ID CSCuv56830. | |||
| CVE-2015-1047 | medium | — | 5.0 | 11y ago | vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message. | |||
| CVE-2015-7761 | medium | — | 5.0 | 11y ago | Mail in Apple OS X before 10.11 does not properly recognize user preferences, which allows attackers to obtain sensitive information via an unspecified action during the printing of an e-mail message… | |||
| CVE-2015-7760 | medium | — | 5.0 | 11y ago | libxpc in launchd in Apple OS X before 10.11 does not restrict the creation of processes for network connections, which allows remote attackers to cause a denial of service (resource consumption) by … | |||
| CVE-2015-5917 | medium | — | 5.0 | 11y ago | The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT comm… | |||
| CVE-2015-5915 | medium | — | 5.0 | 11y ago | Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors. | |||
| CVE-2015-5883 | medium | — | 5.0 | 11y ago | The bidirectional text-display and text-selection implementations in Terminal in Apple OS X before 10.11 interpret directional override formatting characters differently, which allows remote attacker… | |||
| CVE-2015-6310 | medium | — | 5.0 | 11y ago | The REST interface in Cisco Unified Communications Manager IM and Presence Service 11.5(1) allows remote attackers to cause a denial of service (SIP proxy service restart) via a crafted HTTP request,… | |||
| CVE-2015-7718 | medium | — | 5.0 | 11y ago | mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different … | |||
| CVE-2015-6605 | medium | — | 5.0 | 11y ago | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bugs 20915134 and 23142203, a different vulnerability th… | |||
| CVE-2015-3862 | medium | — | 5.0 | 11y ago | mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22954006. | |||
| CVE-2015-5650 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in AjaXplorer 2.0 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-0987 | medium | — | 5.0 | 11y ago | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive informat… | |||
| CVE-2015-7322 | medium | — | 5.0 | 11y ago | The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure (formerly Juniper Junos Pulse) before 7.1R22.1, 7.4, 8.0 before 8.0R11, and 8.1 before 8.1R3 provides different messages for attempts … | |||
| CVE-2015-2030 | medium | — | 5.0 | 11y ago | IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before 7.1.1.1 has an improper account-lockout setting, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||
| CVE-2015-1934 | medium | — | 5.0 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6.0.1 IFIX001; Maximo Asset Management 7.5.x before 7.5.0.8 IFIX002 and 7.6.0 before 7.6.0.1 IFIX001… | |||
| CVE-2015-3861 | medium | — | 5.0 | 11y ago | Multiple integer overflows in the addVorbisCodecInfo function in matroska/MatroskaExtractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allow remote attackers to cause a denia… | |||
| CVE-2015-3826 | medium | — | 5.0 | 11y ago | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (… | |||
| CVE-2015-0852 | medium | — | 5.0 | 11y ago | Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width o… | |||
| CVE-2015-6806 | medium | — | 5.0 | 11y ago | The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does not properly limit recursion, which allows remote attackers to cause a denial of service (stack consumption) via an escape sequenc… | |||
| CVE-2015-5185 | medium | — | 5.0 | 11y ago | The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and 1.3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty classNa… | |||
| CVE-2015-5372 | medium | — | 5.0 | 11y ago | The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before 4.18.3.1, when using SAML POST-Binding, does not match all attributes of the X.509 certificate embedded in the assertion against the c… | |||
| CVE-2015-6011 | medium | — | 5.0 | 11y ago | Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge before 2015-01-08 allows remote attackers to conduct XML injection attacks via (1) the id parameter to unapi.php or (2) the styles… | |||
| CVE-2015-6474 | medium | — | 5.0 | 11y ago | IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code. | |||
| CVE-2015-6469 | medium | — | 5.0 | 11y ago | The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors. | |||
| CVE-2015-6454 | medium | — | 5.0 | 11y ago | Everest PeakHMI before 8.7.0.2, when the video server is used, allows remote attackers to cause a denial of service (incorrect pointer dereference and daemon crash) via a crafted packet. |