CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3976 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in GE Multilink ML810/3000/3100 series switch 5.2.0 and earlier, and GE Multilink ML800/1200/1600/2400 4.2.1 and earlier. | |||
| CVE-2015-3615 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote authenticated users to inject arbitrary web script or HTML via vectors involvin… | |||
| CVE-2015-9105 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Video Station 1.2 before 1.2-0455, 1.5 before 1.5-0772, and 1.6 before 1.6-0847 allow remote authenticated attackers to inject arbitrar… | |||
| CVE-2015-9104 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerabilities in Synology Audio Station 5.1 before 5.1-2550 and 5.4 before 5.4-2857 allows remote authenticated attackers to inject arbitrary web script or HTML via the a… | |||
| CVE-2015-9103 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Note Station 1.1-0212 and earlier allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) note title or… | |||
| CVE-2015-9102 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML v… | |||
| CVE-2015-6959 | medium | 5.4 | 5.4 | 9y ago | Cross-site scripting (XSS) vulnerability in Vindula 1.9. | |||
| CVE-2015-2883 | medium | 5.4 | 5.4 | 9y ago | Philips In.Sight B120/37 has XSS, related to the Weaved cloud web service, as demonstrated by the name parameter to deviceSettings.php or shareDevice.php. | |||
| CVE-2015-4673 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.7.0.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the collection_description parameter to uploa… | |||
| CVE-2015-8687 | medium | 5.4 | 5.4 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2015-7363 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the advanced settings page in Fortinet FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.3, in hardware models with a hard disk, and FortiAnalyzer 5.x be… | |||
| CVE-2015-7775 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-20… | |||
| CVE-2015-7989 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a diff… | |||
| CVE-2015-7676 | medium | 5.4 | 5.4 | 10y ago | Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uplo… | |||
| CVE-2015-0284 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in spacewalk-java in Spacewalk and Red Hat Satellite 5.7 allows remote authenticated users to inject arbitrary web script or HTML via crafted XML data to the … | |||
| CVE-2015-2344 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-7448 | medium | 5.4 | 5.4 | 10y ago | SQL injection vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX003, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX003, … | |||
| CVE-2015-7491 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a… | |||
| CVE-2015-5336 | medium | 5.4 | 5.4 | 10y ago | Moodle multiple cross-site scripting (XSS) vulnerabilities | |||
| CVE-2015-5269 | medium | 5.4 | 5.4 | 10y ago | Moodle cross-site scripting (XSS) vulnerability | |||
| CVE-2015-5264 | medium | 5.4 | 5.4 | 10y ago | Moodle allows attackers to enter additional answer attempts | |||
| CVE-2015-8486 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary report titles via unspecified vectors, a different vulnerability than CV… | |||
| CVE-2015-8485 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended access restrictions and read arbitrary posting titles via unspecified vectors, a different vulnerability than C… | |||
| CVE-2015-8484 | medium | 5.4 | 5.4 | 10y ago | Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users to bypass intended calendar-viewing restrictions via unspecified vectors, a different vulnerability than CVE-2015-8485, CVE-2015-8… | |||
| CVE-2015-7492 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in Reference Data Management (RDM) in IBM InfoSphere Master Data Management 10.1, 11.0 before FP5, 11.3, 11.4, and 11.5 before FP1 allows remote authenticated… | |||
| CVE-2015-7398 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x b… | |||
| CVE-2015-4957 | medium | 5.4 | 5.4 | 10y ago | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted… | |||
| CVE-2015-7536 | medium | 5.4 | 5.4 | 11y ago | Improper Neutralization of Input During Web Page Generation in Jenkins | |||
| CVE-2015-7417 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web… | |||
| CVE-2015-5295 | medium | 5.4 | 5.4 | 11y ago | The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory cons… | |||
| CVE-2015-5009 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authentica… | |||
| CVE-2015-7467 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authentica… | |||
| CVE-2015-7414 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in the GDS component in IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4… | |||
| CVE-2015-8688 | medium | 5.4 | 5.4 | 11y ago | Gajim before 0.16.5 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza. | |||
| CVE-2015-3948 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-8603 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the serendipity[entry_id] parameter in an "edit" admin action t… | |||
| CVE-2015-8759 | medium | 5.4 | 5.4 | 11y ago | TYPO3 Cross-site Scripting vulnerability | |||
| CVE-2015-8758 | medium | 5.4 | 5.4 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web scr… | |||
| CVE-2015-8756 | medium | 5.4 | 5.4 | 11y ago | TYPO3 CMS indexed search Cross-site Scripting vulnerability | |||
| CVE-2015-8755 | medium | 5.4 | 5.4 | 11y ago | Typo3 XSS Vulnerability | |||
| CVE-2015-5447 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5037 | medium | 5.4 | 5.4 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to hijack the authentic… | |||
| CVE-2015-5036 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… | |||
| CVE-2015-5035 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script… | |||
| CVE-2015-5023 | medium | 5.4 | 5.4 | 11y ago | SQL injection vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5017 | medium | 5.4 | 5.4 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2… | |||
| CVE-2015-7396 | medium | 5.4 | 5.4 | 11y ago | The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.1 FP1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.1 FP1 for SmartCloud Con… | |||
| CVE-2015-7451 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6… | |||
| CVE-2015-7402 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-7409 | medium | 5.4 | 5.4 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field. | |||
| CVE-2015-7415 | medium | 5.4 | 5.4 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web sc… | |||
| CVE-2015-5049 | medium | 5.4 | 5.4 | 11y ago | SQL injection vulnerability in the API in IBM OpenPages GRC Platform 7.0 before 7.0.0.4 IF3 and 7.1 before 7.1.0.1 IF6 allows remote authenticated users to execute arbitrary SQL commands via unspecif… | |||
| CVE-2015-5296 | medium | 5.4 | 5.4 | 11y ago | Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3 supports connections that are encrypted but unsigned, which allows man-in-the-middle attackers to conduct encrypted-to-unen… | |||
| CVE-2015-4228 | medium | — | 5.4 | 11y ago | Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad servers to cause a denial of service (reboot) via malformed ad messages, aka Bug ID CSCur13999. | |||
| CVE-2015-4203 | medium | — | 5.4 | 11y ago | Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine (PRE) module on uBR10000 devices, when NetFlow and an MPLS IPv6 VPN are configured, allows remote attackers to cause a denial of … | |||
| CVE-2015-3610 | medium | — | 5.4 | 11y ago | The Siemens HomeControl for Room Automation application before 2.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obt… | |||
| CVE-2015-2789 | medium | — | 5.4 | 11y ago | Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse p… | |||
| CVE-2015-1065 | medium | — | 5.4 | 11y ago | Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 allow man-in-the-middle attackers to execute arbitrary code by modifying the client-server data str… | |||
| CVE-2015-1349 | medium | — | 5.4 | 11y ago | named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of servic… | |||
| CVE-2015-0383 | medium | — | 5.4 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via un… | |||
| CVE-2015-8748 | medium | 5.3 | 5.3 | 4y ago | Radicale before 1.1 allows remote authenticated users to bypass owner_write and owner_only limitations via regex metacharacters in the user name, as demonstrated by ".*". | |||
| CVE-2015-1839 | medium | 5.3 | 5.3 | 4y ago | modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||
| CVE-2015-1835 | medium | 5.3 | 5.3 | 9y ago | Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit values in config.xml, allows remote attackers to modify undefined secondary configuration variables… | |||
| CVE-2015-9232 | medium | 5.3 | 5.3 | 9y ago | The Good for Enterprise application 3.0.0.415 for Android does not use signature protection for its Authentication Delegation API intent. Also, the Good Dynamic application activation process does no… | |||
| CVE-2015-4688 | medium | 5.3 | 5.3 | 9y ago | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow remote attackers to enumerate user accounts via a series of requests. | |||
| CVE-2015-8079 | medium | 5.3 | 5.3 | 9y ago | qt5-qtwebkit before 5.4 records private browsing URLs to its favicon database, WebpageIcons.db. | |||
| CVE-2015-6250 | medium | 5.3 | 5.3 | 9y ago | simple-php-captcha before commit 9d65a945029c7be7bb6bc893759e74c5636be694 allows remote attackers to automatically generate the captcha response by running the same code on the client-side. | |||
| CVE-2015-5186 | medium | 5.3 | 5.3 | 9y ago | Audit before 2.4.4 in Linux does not sanitize escape characters in filenames. | |||
| CVE-2015-5146 | medium | 5.3 | 5.3 | 9y ago | ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote config… | |||
| CVE-2015-5059 | medium | 5.3 | 5.3 | 9y ago | The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download at… | |||
| CVE-2015-3295 | medium | 5.3 | 5.3 | 9y ago | markdown-it before 4.1.0 does not block data: URLs. | |||
| CVE-2015-1838 | medium | 5.3 | 5.3 | 9y ago | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp. | |||
| CVE-2015-9019 | medium | 5.3 | 5.3 | 9y ago | In libxslt 1.1.29 and earlier, the EXSLT math.random function was not initialized with a random seed during startup, which could cause usage of this function to produce predictable outputs. | |||
| CVE-2015-8309 | medium | 4.3 | 5.3 | 9y ago | Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download." | |||
| CVE-2015-8628 | medium | 5.3 | 5.3 | 9y ago | The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.2… | |||
| CVE-2015-8627 | medium | 5.3 | 5.3 | 9y ago | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers… | |||
| CVE-2015-1610 | medium | 5.3 | 5.3 | 9y ago | hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information by spoofing the MAC address, aka "topology spoofing." | |||
| CVE-2015-3882 | medium | 5.3 | 5.3 | 9y ago | qdPM 8.3 allows remote attackers to obtain sensitive information via invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message. | |||
| CVE-2015-8987 | medium | 5.3 | 5.3 | 9y ago | Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in McAfee (now Intel Security) Agent (MA) 4.8.0 patch 2 and earlier allows attackers to make a McAfee Agent talk with another, possi… | |||
| CVE-2015-8139 | medium | 5.3 | 5.3 | 10y ago | ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin timestamps and then impersonate peers via unspecified vectors. | |||
| CVE-2015-8138 | medium | 5.3 | 5.3 | 10y ago | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to bypass the origin timestamp validation via a packet with an origin timestamp set to zero. | |||
| CVE-2015-8859 | medium | 5.3 | 5.3 | 10y ago | The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors. | |||
| CVE-2015-3271 | medium | 5.3 | 5.3 | 10y ago | Apache Tika Server exposes sensitive information | |||
| CVE-2015-1000008 | medium | 5.3 | 5.3 | 10y ago | Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 | |||
| CVE-2015-3412 | medium | 5.3 | 5.3 | 10y ago | PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read arbitrary files via crafted input to an ap… | |||
| CVE-2015-5207 | medium | 5.3 | 5.3 | 10y ago | Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods. | |||
| CVE-2015-8537 | medium | 5.3 | 5.3 | 10y ago | app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before 3.0.7, and 3.1.x before 3.1.3 allows remote attackers to obtain sensitive information by viewing an Atom feed. | |||
| CVE-2015-8346 | medium | 5.3 | 5.3 | 10y ago | app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote attackers to obtain sensitive information about subjects of issues by viewing the ti… | |||
| CVE-2015-8108 | medium | 5.3 | 5.3 | 10y ago | The management interface in LenovoEMC EZ Media & Backup (hm3), ix2/ix2-dl, ix4-300d, px12-400r/450r, px6-300d, px2-300d, px4-300r, px4-400d, px4-400r, and px4-300d NAS devices with firmware before 4.… | |||
| CVE-2015-8399 | medium | 4.3 | 5.3 | 10y ago | Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdeco… | |||
| CVE-2015-7528 | medium | 5.3 | 5.3 | 10y ago | Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name. | |||
| CVE-2015-6485 | medium | 5.3 | 5.3 | 10y ago | Schneider Electric Telvent Sage 2300 RTUs with firmware before C3413-500-S01, and LANDAC II-2, Sage 1410, Sage 1430, Sage 1450, Sage 2400, and Sage 3030M RTUs with firmware before C3414-500-S02J2, al… | |||
| CVE-2015-5345 | medium | 5.3 | 5.3 | 10y ago | The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which a… | |||
| CVE-2015-5970 | medium | 5.3 | 5.3 | 10y ago | The ChangePassword RPC method in Novell ZENworks Configuration Management (ZCM) 11.3 and 11.4 allows remote attackers to conduct XPath injection attacks, and read arbitrary text files, via a malforme… | |||
| CVE-2015-8287 | medium | 5.3 | 5.3 | 10y ago | Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM devices with firmware through 1022 allow remote attackers to watch live video by visiting an unspecified URL. | |||
| CVE-2015-7444 | medium | 5.3 | 5.3 | 10y ago | The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and 7.0.0.9 does not properly replicate the search index, which allows attackers to obtain sensitive information via unspecified vect… | |||
| CVE-2015-2005 | medium | 5.3 | 5.3 | 10y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.5 Patch 6 does not properly expire sessions, which allows remote attackers to obtain sensitive information by leveraging an… | |||
| CVE-2015-8629 | medium | 5.3 | 5.3 | 10y ago | The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which… | |||
| CVE-2015-7680 | medium | 5.3 | 5.3 | 10y ago | Ipswitch MOVEit DMZ before 8.2 provides different error messages for authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a s… | |||
| CVE-2015-8792 | medium | 5.3 | 5.3 | 11y ago | The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 allows context-dependent attackers to obtain sensitive information from process heap memory via crafted EBML lacing, which triggers… |