CVEs from 2015
- Total: 7,261
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8601 | medium | — | 5.0 | 11y ago | The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not properly check permissions when setting up a websocket for chat messages, which allows remote attackers to bypass intended access restr… | |||
| CVE-2015-8476 | medium | — | 5.0 | 11y ago | SMTP Injection in PHPMailer | |||
| CVE-2015-8000 | medium | — | 5.0 | 11y ago | db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before 9.10.3-P2 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a malformed class attrib… | |||
| CVE-2015-6425 | medium | — | 5.0 | 11y ago | The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session … | |||
| CVE-2015-7219 | medium | — | 5.0 | 11y ago | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a malformed PushPromise … | |||
| CVE-2015-7218 | medium | — | 5.0 | 11y ago | The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote attackers to cause a denial of service (integer underflow, assertion failure, and application exit) via a single-byte header fra… | |||
| CVE-2015-7215 | medium | — | 5.0 | 11y ago | The importScripts function in the Web Workers API implementation in Mozilla Firefox before 43.0 allows remote attackers to bypass the Same Origin Policy by triggering use of the no-cors mode in the f… | |||
| CVE-2015-7214 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to bypass the Same Origin Policy via data: and view-source: URIs. | |||
| CVE-2015-7211 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 mishandles the # (number sign) character in a data: URI, which allows remote attackers to spoof web sites via unspecified vectors. | |||
| CVE-2015-7208 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 stores cookies containing vertical tab characters, which allows remote attackers to obtain sensitive information by reading HTTP Cookie headers. | |||
| CVE-2015-7207 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 43.0 does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive inform… | |||
| CVE-2015-8317 | medium | — | 5.0 | 11y ago | The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to obtain sensitive information via an (1) unterminated encoding value or (2) incomplete XML declar… | |||
| CVE-2015-7500 | medium | — | 5.0 | 11y ago | The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via unspecified vectors related to incorrect en… | |||
| CVE-2015-7498 | medium | — | 5.0 | 11y ago | Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors related to extra… | |||
| CVE-2015-7497 | medium | — | 5.0 | 11y ago | Heap-based buffer overflow in the xmlDictComputeFastQKey function in dict.c in libxml2 before 2.9.3 allows context-dependent attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2015-6411 | medium | — | 5.0 | 11y ago | Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides verbose responses to requests for help files, which allows remote attackers to obtain potentially sensitive version information by… | |||
| CVE-2015-7081 | medium | — | 5.0 | 11y ago | iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote attackers to read arbitrary files via an iBooks file containing an XML external entity declaration in conjunction with an entity r… | |||
| CVE-2015-7056 | medium | — | 5.0 | 11y ago | IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, which allows remote attackers to obtain sensitive information in opportunistic circumstances by leveraging the presence of a fil… | |||
| CVE-2015-7045 | medium | — | 5.0 | 11y ago | Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors. | |||
| CVE-2015-7037 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in Mobile Backup in Photos in Apple iOS before 9.2 allows attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2015-6135 | medium | — | 5.0 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from p… | |||
| CVE-2015-6632 | medium | — | 5.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unkno… | |||
| CVE-2015-6631 | medium | — | 5.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unkno… | |||
| CVE-2015-6629 | medium | — | 5.0 | 11y ago | Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug… | |||
| CVE-2015-6628 | medium | — | 5.0 | 11y ago | Media Framework in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vec… | |||
| CVE-2015-6626 | medium | — | 5.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unkno… | |||
| CVE-2015-6622 | medium | — | 5.0 | 11y ago | The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, v… | |||
| CVE-2015-4334 | medium | — | 5.0 | 11y ago | The default configuration of SGOS in Blue Coat ProxySG before 6.2.16.5, 6.5 before 6.5.7.1, and 6.6 before 6.6.2.1 forwards authentication challenges from upstream origin content servers (OCS) when u… | |||
| CVE-2015-5302 | medium | — | 5.0 | 11y ago | libreport 2.0.7 before 2.6.3 only saves changes to the first file when editing a crash report, which allows remote attackers to obtain sensitive information via unspecified vectors related to the (1)… | |||
| CVE-2015-1794 | medium | — | 5.0 | 11y ago | The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote servers to cause a denial of service (segmentation fault) via a zero p value in an anonymous Diffie-He… | |||
| CVE-2015-6388 | medium | — | 5.0 | 11y ago | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCux33575. | |||
| CVE-2015-6386 | medium | — | 5.0 | 11y ago | The passthrough FTP feature on Cisco Web Security Appliance (WSA) devices with software 8.0.7-142 and 8.5.1-021 allows remote attackers to cause a denial of service (CPU consumption) via FTP sessions… | |||
| CVE-2015-6382 | medium | — | 5.0 | 11y ago | Cisco ASR 5000 devices with software 16.0(900) allow remote attackers to cause a denial of service (telnetd process restart) via a TELNET connection, aka Bug ID CSCuv25815. | |||
| CVE-2015-5324 | medium | — | 5.0 | 11y ago | Jenkins allows Unauthorized Viewing of Queue API Information | |||
| CVE-2015-5322 | medium | — | 5.0 | 11y ago | Jenkins has Local File Inclusion Vulnerability | |||
| CVE-2015-5321 | medium | — | 5.0 | 11y ago | Jenkins has Information Disclosure via Sidepanel Widget | |||
| CVE-2015-5320 | medium | — | 5.0 | 11y ago | Jenkins allows Exposure of Sensitive Information to an Unauthorized Actor | |||
| CVE-2015-5319 | medium | — | 5.0 | 11y ago | Jenkins has XML External Entity (XXE) Vulnerability in Job Configuration via CLI | |||
| CVE-2015-8329 | medium | — | 5.0 | 11y ago | SAP Manufacturing Integration and Intelligence (aka MII, formerly xMII) uses weak encryption (Base64 and DES), which allows attackers to conduct downgrade attacks and decrypt passwords via unspecifie… | |||
| CVE-2015-7981 | medium | — | 5.0 | 11y ago | The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x before 1.4.17 allows remote attackers to obtain sensitive process memory information via cra… | |||
| CVE-2015-8320 | medium | — | 5.0 | 11y ago | Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value. | |||
| CVE-2015-8087 | medium | — | 5.0 | 11y ago | Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before V800R007C10SPC100 and NE40E and NE80E routers with software before V800R007C00SPC100 allows remote attackers to send packets to othe… | |||
| CVE-2015-7845 | medium | — | 5.0 | 11y ago | The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cau… | |||
| CVE-2015-6368 | medium | — | 5.0 | 11y ago | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608. | |||
| CVE-2015-8023 | medium | — | 5.0 | 11y ago | The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers t… | |||
| CVE-2015-7998 | medium | — | 5.0 | 11y ago | The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler … | |||
| CVE-2015-7996 | medium | — | 5.0 | 11y ago | The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service … | |||
| CVE-2015-7995 | medium | — | 5.0 | 11y ago | The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does not check if the parent node is an element, which allows attackers to cause a denial of service via a crafted XML file, related to… | |||
| CVE-2015-5311 | medium | — | 5.0 | 11y ago | PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets. | |||
| CVE-2015-5276 | medium | — | 5.0 | 11y ago | The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent… | |||
| CVE-2015-0272 | medium | — | 5.0 | 11y ago | GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability tha… | |||
| CVE-2015-8215 | medium | — | 5.0 | 11y ago | net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packe… | |||
| CVE-2015-7427 | medium | — | 5.0 | 11y ago | IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspe… | |||
| CVE-2015-6364 | medium | — | 5.0 | 11y ago | Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka … | |||
| CVE-2015-6366 | medium | — | 5.0 | 11y ago | Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circums… | |||
| CVE-2015-7819 | medium | — | 5.0 | 11y ago | The DB service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain sensitive administrator-account information via a… | |||
| CVE-2015-7991 | medium | — | 5.0 | 11y ago | The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vector… | |||
| CVE-2015-8005 | medium | — | 5.0 | 11y ago | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading… | |||
| CVE-2015-8095 | medium | — | 5.0 | 11y ago | The recycle bin feature in the Monster Menus module 7.x-1.21 before 7.x-1.24 for Drupal does not properly remove nodes from view, which allows remote attackers to obtain sensitive information via an … | |||
| CVE-2015-8041 | medium | — | 5.0 | 11y ago | Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a lar… | |||
| CVE-2015-7940 | medium | — | 5.0 | 11y ago | Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15 | |||
| CVE-2015-7295 | medium | — | 5.0 | 11y ago | hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support in QEMU, when big or mergeable receive buffers are not supported, allows remote attackers to cause a denial of service (guest net… | |||
| CVE-2015-5730 | medium | — | 5.0 | 11y ago | The sanitize_widget_instance function in wp-includes/class-wp-customize-widgets.php in WordPress before 4.2.4 does not use a constant-time comparison for widgets, which allows remote attackers to con… | |||
| CVE-2015-2695 | medium | — | 5.0 | 11y ago | lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before 1.14 relies on an inappropriate context handle, which allows remote attackers to cause a denial of service (incorrect pointer read … | |||
| CVE-2015-5015 | medium | — | 5.0 | 11y ago | IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack 8 allows remote attackers to obtain sensitive information via a crafted REST URL. | |||
| CVE-2015-1999 | medium | — | 5.0 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs… | |||
| CVE-2015-1994 | medium | — | 5.0 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtai… | |||
| CVE-2015-1993 | medium | — | 5.0 | 11y ago | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these… | |||
| CVE-2015-8081 | medium | — | 5.0 | 11y ago | The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might allow remote attackers to obtain sensitive field information by reading a cached block. | |||
| CVE-2015-7763 | medium | — | 5.0 | 11y ago | rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and 1.7.x before 1.7.33 does not properly initialize padding at the end of an Rx acknowledgement (ACK) packet, which allows remote attac… | |||
| CVE-2015-7762 | medium | — | 5.0 | 11y ago | rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not properly initialize the padding of a data structure when constructing an Rx acknowledgement (ACK) packet, which allows remote attacke… | |||
| CVE-2015-7770 | medium | — | 5.0 | 11y ago | Dell SonicWall TotalSecure TZ 100 devices with firmware before 5.9.1.0-22o allow remote attackers to cause a denial of service via a crafted packet. | |||
| CVE-2015-7197 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly control the ability of a web worker to create a WebSocket object, which allows remote attackers to bypass intended mixed-conten… | |||
| CVE-2015-7195 | medium | — | 5.0 | 11y ago | The URL parsing implementation in Mozilla Firefox before 42.0 improperly recognizes escaped characters in hostnames within Location headers, which allows remote attackers to obtain sensitive informat… | |||
| CVE-2015-7190 | medium | — | 5.0 | 11y ago | The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with … | |||
| CVE-2015-6355 | medium | — | 5.0 | 11y ago | The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on blade servers allows remote attackers to obtain potentially sensitive version information by visiting an unspecified URL, aka Bug… | |||
| CVE-2015-6029 | medium | — | 5.0 | 11y ago | HP ArcSight Logger before 6.0 P2 does not limit attempts to authenticate to the SOAP interface, which makes it easier for remote attackers to obtain access via a brute-force approach. | |||
| CVE-2015-8074 | medium | — | 5.0 | 11y ago | mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs… | |||
| CVE-2015-6611 | medium | — | 5.0 | 11y ago | mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown … | |||
| CVE-2015-6343 | medium | — | 5.0 | 11y ago | The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border Element (CUBE) devices allows remote attackers to cause a denial of service via crafted SIP messages, aka Bug ID CSCuv79202. | |||
| CVE-2015-6351 | medium | — | 5.0 | 11y ago | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices with software 19.1.0.61559 and 19.2.0 allow remote attackers to cause a denial of service (BGP process restart) via a crafted header… | |||
| CVE-2015-7899 | medium | — | 5.0 | 11y ago | The com_content component in Joomla! 3.x before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-7859 | medium | — | 5.0 | 11y ago | The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not properly check ACLs, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5955 | medium | — | 5.0 | 11y ago | ownCloud iOS app before 3.4.4 does not properly switch state between multiple instances, which might allow remote instance administrators to obtain sensitive credential and cookie information by read… | |||
| CVE-2015-5671 | medium | — | 5.0 | 11y ago | Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to bypass intended access restrictions and read arbitrary uploaded files via unspecified vectors. | |||
| CVE-2015-7873 | medium | — | 5.0 | 11y ago | The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. | |||
| CVE-2015-5713 | medium | — | 5.0 | 11y ago | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform befor… | |||
| CVE-2015-3973 | medium | — | 5.0 | 11y ago | Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate session tokens, which makes it easier for remote attackers to determine a PIN value via unspecified computations on session-token v… | |||
| CVE-2015-3969 | medium | — | 5.0 | 11y ago | Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to obtain sensitive network-connection information via a request to UDP port (1) 1234 or (2) 1235. | |||
| CVE-2015-5220 | medium | — | 5.0 | 11y ago | The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption)… | |||
| CVE-2015-6340 | medium | — | 5.0 | 11y ago | The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on Cisco ASR 5000 devices with software 19.0.M0.60737 allows remote attackers to cause a denial of service (hamgr process restart) … | |||
| CVE-2015-5223 | medium | — | 5.0 | 11y ago | OpenStack Object Storage (Swift) before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container. | |||
| CVE-2015-6484 | medium | — | 5.0 | 11y ago | 3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted (1) GET or (2) POST request. | |||
| CVE-2015-6341 | medium | — | 5.0 | 11y ago | The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(140.0) and 8.0(120.0) allows remote attackers to cause a denial of service (client disconnection) via unspecifi… | |||
| CVE-2015-1003 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows remote attackers to read arbitrary files via a crafted pathname. | |||
| CVE-2015-7031 | medium | — | 5.0 | 11y ago | The Web Service component in Apple OS X Server before 5.0.15 omits an unspecified HTTP header configuration, which allows remote attackers to bypass intended access restrictions via unknown vectors. | |||
| CVE-2015-6999 | medium | — | 5.0 | 11y ago | The OCSP client in Apple iOS before 9.1 does not check for certificate expiry, which allows remote attackers to spoof a valid certificate by leveraging access to a revoked certificate. | |||
| CVE-2015-4916 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-490… | |||
| CVE-2015-4911 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to affect availability via vectors related to JAXP, a different v… | |||
| CVE-2015-4909 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF … |