CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6302 | medium | — | 5.0 | 11y ago | The RADIUS functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.0(250.0) and 7.0(252.0) allows remote attackers to disconnect arbitrary sessions via crafted Disconnect-Request… | |||
| CVE-2015-4503 | medium | — | 5.0 | 11y ago | The TCP Socket API implementation in Mozilla Firefox before 41.0 mishandles array boundaries that were established with a navigator.mozTCPSocket.open method call and send method calls, which allows r… | |||
| CVE-2015-6940 | medium | — | 5.0 | 11y ago | The GetResource servlet in Pentaho Business Analytics (BA) Suite 4.5.x, 4.8.x, and 5.0.x through 5.2.x and Pentaho Data Integration (PDI) Suite 4.3.x, 4.4.x, and 5.0.x through 5.2.x does not restrict… | |||
| CVE-2015-6679 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5576 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5572 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-7305 | medium | — | 5.0 | 11y ago | The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly restrict access to fields, which allows remote attackers to obtain sensitive atom property information via vectors involving a "de… | |||
| CVE-2015-2914 | medium | — | 5.0 | 11y ago | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M use a fixed source-port number in outbound DNS queries performed on behalf o… | |||
| CVE-2015-2864 | medium | — | 5.0 | 11y ago | Retrospect and Retrospect Client before 10.0.2.119 on Windows, before 12.0.2.116 on OS X, and before 10.0.2.104 on Linux improperly generate password hashes, which makes it easier for remote attacker… | |||
| CVE-2015-6301 | medium | — | 5.0 | 11y ago | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun72171. | |||
| CVE-2015-6297 | medium | — | 5.0 | 11y ago | The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 Base allows remote attackers to cause a denial of service (process reset) via crafted packets, aka Bug ID CSCun36525. | |||
| CVE-2015-3962 | medium | — | 5.0 | 11y ago | Schneider Electric StruxureWare Building Expert MPM before 2.15 does not use encryption for the client-server data stream, which allows remote attackers to discover credentials by sniffing the networ… | |||
| CVE-2015-7237 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in the remote log viewing functionality in McAfee Agent (MA) 5.x before 5.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-4638 | medium | — | 5.0 | 11y ago | The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.3.0 through 11.5.2 and 11.6.0 through 11.6.0 HF4, BIG-IP Edge Gateway, WebAccelerator, and … | |||
| CVE-2015-5912 | medium | — | 5.0 | 11y ago | The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses. | |||
| CVE-2015-5909 | medium | — | 5.0 | 11y ago | IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict access to repository e-mail lists, which allows remote attackers to obtain potentially sensitive build information in opportunist… | |||
| CVE-2015-5906 | medium | — | 5.0 | 11y ago | The HTML form implementation in WebKit in Apple iOS before 9 does not prevent QuickType access to the final character of a password, which might make it easier for remote attackers to discover a pass… | |||
| CVE-2015-5905 | medium | — | 5.0 | 11y ago | Safari in Apple iOS before 9 allows remote attackers to spoof the relationship between URLs and web content via a crafted window opener on a web site. | |||
| CVE-2015-5885 | medium | — | 5.0 | 11y ago | The CFNetwork Cookies component in Apple iOS before 9 allows remote attackers to track users via vectors involving a cookie for a top-level domain. | |||
| CVE-2015-5879 | medium | — | 5.0 | 11y ago | XNU in the kernel in Apple iOS before 9 does not properly validate the headers of TCP packets, which allows remote attackers to bypass the sequence-number protection mechanism and cause a denial of s… | |||
| CVE-2015-5860 | medium | — | 5.0 | 11y ago | The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles HSTS state, which allows remote attackers to bypass the Safari private-browsing protection mechanism and track users via a crafte… | |||
| CVE-2015-5858 | medium | — | 5.0 | 11y ago | The CFNetwork HTTPProtocol component in Apple iOS before 9 allows remote attackers to bypass the HSTS protection mechanism, and consequently obtain sensitive information, via a crafted URL. | |||
| CVE-2015-5857 | medium | — | 5.0 | 11y ago | Mail in Apple iOS before 9 allows remote attackers to use an address-book contact as a spoofed e-mail sender address via unspecified vectors. | |||
| CVE-2015-5841 | medium | — | 5.0 | 11y ago | The CFNetwork Proxies component in Apple iOS before 9 does not properly handle a Set-Cookie header within a response to an HTTP CONNECT request, which allows remote proxy servers to conduct cookie-in… | |||
| CVE-2015-5840 | medium | — | 5.0 | 11y ago | The checkint division routines in removefile in Apple iOS before 9 allow attackers to cause a denial of service (overflow fault and app crash) via crafted data. | |||
| CVE-2015-5839 | medium | — | 5.0 | 11y ago | dyld in Apple iOS before 9 allows attackers to bypass a code-signing protection mechanism via an app that places a crafted signature in an executable file. | |||
| CVE-2015-5831 | medium | — | 5.0 | 11y ago | NetworkExtension in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||
| CVE-2015-5827 | medium | — | 5.0 | 11y ago | WebKit in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain an object reference via vectors involving a (1) custom event, (2) message event, or (3) pop state even… | |||
| CVE-2015-3801 | medium | — | 5.0 | 11y ago | The document.cookie API implementation in the CFNetwork Cookies subsystem in WebKit in Apple iOS before 9 allows remote attackers to bypass an intended single-cookie restriction via unspecified vecto… | |||
| CVE-2015-7231 | medium | — | 5.0 | 11y ago | The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for Drupal does not properly validate payments, which allows remote attackers to make a failed payment appear valid via a crafted URL, re… | |||
| CVE-2015-7228 | medium | — | 5.0 | 11y ago | The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly cache pages of authenticated users when using non-cookie authentication providers, which allows remote attackers to obtain sensi… | |||
| CVE-2015-7226 | medium | — | 5.0 | 11y ago | The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal checks access permissions based on the router path from the view instead of the display property, which allows remote attackers to ob… | |||
| CVE-2015-4040 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the… | |||
| CVE-2015-6288 | medium | — | 5.0 | 11y ago | Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not properly validate credentials, which allows remote attackers to cause a denial of service (rapid log-file rollover and application… | |||
| CVE-2015-6287 | medium | — | 5.0 | 11y ago | Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows remote attackers to cause a denial of service (service outage) via a flood of TCP traffic that leads to DNS resolution delays, aka Bu… | |||
| CVE-2015-2013 | medium | — | 5.0 | 11y ago | IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to cause a denial of service (channel-agent abend and process outage) via a crafted selection string in an MQI call. | |||
| CVE-2015-2526 | medium | — | 5.0 | 11y ago | Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to cause a denial of service to an ASP.NET web site via crafted requests, aka "MVC Denial of Service Vulnerability." | |||
| CVE-2015-2505 | medium | — | 5.0 | 11y ago | Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to obtain sensitive stacktrace information via a crafted request, aka "Exchange In… | |||
| CVE-2015-2483 | medium | — | 5.0 | 11y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Information Disclosure Vulnerability." | |||
| CVE-2015-6276 | medium | — | 5.0 | 11y ago | Cisco TelePresence IX5000 8.0.3 stores a private key associated with an X.509 certificate under the web root with insufficient access control, which allows remote attackers to obtain cleartext versio… | |||
| CVE-2015-5688 | medium | — | 5.0 | 11y ago | Directory Traversal in geddy | |||
| CVE-2015-1300 | medium | — | 5.0 | 11y ago | The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availab… | |||
| CVE-2015-1296 | medium | — | 5.0 | 11y ago | The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier … | |||
| CVE-2015-1292 | medium | — | 5.0 | 11y ago | The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the S… | |||
| CVE-2015-6274 | medium | — | 5.0 | 11y ago | The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassemb… | |||
| CVE-2015-6736 | medium | — | 5.0 | 11y ago | The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | |||
| CVE-2015-6735 | medium | — | 5.0 | 11y ago | The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting … | |||
| CVE-2015-6733 | medium | — | 5.0 | 11y ago | GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource cons… | |||
| CVE-2015-6727 | medium | — | 5.0 | 11y ago | The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" t… | |||
| CVE-2015-6747 | medium | — | 5.0 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this ident… | |||
| CVE-2015-5366 | medium | — | 5.0 | 11y ago | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET e… | |||
| CVE-2015-6266 | medium | — | 5.0 | 11y ago | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from custom… | |||
| CVE-2015-5430 | medium | — | 5.0 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-3221 | medium | — | 5.0 | 11y ago | OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) … | |||
| CVE-2015-3269 | medium | — | 5.0 | 11y ago | Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354… | |||
| CVE-2015-6661 | medium | — | 5.0 | 11y ago | Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. | |||
| CVE-2015-6524 | medium | — | 5.0 | 11y ago | Improper Input Validation in Apache ActiveMQ | |||
| CVE-2015-6496 | medium | — | 5.0 | 11y ago | conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a… | |||
| CVE-2015-6251 | medium | — | 5.0 | 11y ago | Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | |||
| CVE-2015-5964 | medium | — | 5.0 | 11y ago | The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty ses… | |||
| CVE-2015-5963 | medium | — | 5.0 | 11y ago | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service … | |||
| CVE-2015-4938 | medium | — | 5.0 | 11y ago | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vector… | |||
| CVE-2015-1932 | medium | — | 5.0 | 11y ago | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sens… | |||
| CVE-2015-2984 | medium | — | 5.0 | 11y ago | I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||
| CVE-2015-6258 | medium | — | 5.0 | 11y ago | The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted I… | |||
| CVE-2015-6256 | medium | — | 5.0 | 11y ago | Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv628… | |||
| CVE-2015-4318 | medium | — | 5.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. | |||
| CVE-2015-4321 | medium | — | 5.0 | 11y ago | The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to… | |||
| CVE-2015-4317 | medium | — | 5.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. | |||
| CVE-2015-4296 | medium | — | 5.0 | 11y ago | Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java applicati… | |||
| CVE-2015-5512 | medium | — | 5.0 | 11y ago | The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in … | |||
| CVE-2015-5511 | medium | — | 5.0 | 11y ago | The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social lo… | |||
| CVE-2015-5506 | medium | — | 5.0 | 11y ago | The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content … | |||
| CVE-2015-5498 | medium | — | 5.0 | 11y ago | The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive … | |||
| CVE-2015-5496 | medium | — | 5.0 | 11y ago | The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | |||
| CVE-2015-5493 | medium | — | 5.0 | 11y ago | The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityform… | |||
| CVE-2015-5490 | medium | — | 5.0 | 11y ago | The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attack… | |||
| CVE-2015-5766 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | |||
| CVE-2015-5759 | medium | — | 5.0 | 11y ago | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | |||
| CVE-2015-5752 | medium | — | 5.0 | 11y ago | Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | |||
| CVE-2015-5746 | medium | — | 5.0 | 11y ago | AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||
| CVE-2015-3784 | medium | — | 5.0 | 11y ago | Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an en… | |||
| CVE-2015-3762 | medium | — | 5.0 | 11y ago | The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunct… | |||
| CVE-2015-3753 | medium | — | 5.0 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows… | |||
| CVE-2015-3752 | medium | — | 5.0 | 11y ago | The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict c… | |||
| CVE-2015-3751 | medium | — | 5.0 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mec… | |||
| CVE-2015-4484 | medium | — | 5.0 | 11y ago | The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of servi… | |||
| CVE-2015-4478 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin P… | |||
| CVE-2015-3155 | medium | — | 5.0 | 11y ago | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission wi… | |||
| CVE-2015-1816 | medium | — | 5.0 | 11y ago | Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. | |||
| CVE-2015-3184 | medium | — | 5.0 | 11y ago | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read… | |||
| CVE-2015-0851 | medium | — | 5.0 | 11y ago | XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of servi… | |||
| CVE-2015-5965 | medium | — | 5.0 | 11y ago | The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a craft… | |||
| CVE-2015-5962 | medium | — | 5.0 | 11y ago | Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allo… | |||
| CVE-2015-4936 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2015-4293 | medium | — | 5.0 | 11y ago | The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packet… | |||
| CVE-2015-4286 | medium | — | 5.0 | 11y ago | The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||
| CVE-2015-2978 | medium | — | 5.0 | 11y ago | Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | |||
| CVE-2015-4287 | medium | — | 5.0 | 11y ago | Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an u… | |||
| CVE-2015-2974 | medium | — | 5.0 | 11y ago | LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file. |