CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3108 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X… | |||
| CVE-2015-3102 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X… | |||
| CVE-2015-3099 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X… | |||
| CVE-2015-3098 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X… | |||
| CVE-2015-3097 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160, Adobe AIR before 18.0.0.144, Adobe AIR SDK before 18.0.0.144, and Adobe AIR SDK & Compiler before 18.0.0.144 on 64-bit Wi… | |||
| CVE-2015-4024 | medium | — | 5.0 | 11y ago | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a de… | |||
| CVE-2015-4021 | medium | — | 5.0 | 11y ago | The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 cha… | |||
| CVE-2015-4418 | medium | — | 5.0 | 11y ago | Zoho NetFlow Analyzer build 10250 and earlier does not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended… | |||
| CVE-2015-2125 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors. | |||
| CVE-2015-0770 | medium | — | 5.0 | 11y ago | CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP resp… | |||
| CVE-2015-2951 | medium | — | 5.0 | 11y ago | JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. | |||
| CVE-2015-0765 | medium | — | 5.0 | 11y ago | Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug I… | |||
| CVE-2015-0764 | medium | — | 5.0 | 11y ago | Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. | |||
| CVE-2015-0763 | medium | — | 5.0 | 11y ago | Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. | |||
| CVE-2015-0264 | medium | — | 5.0 | 11y ago | Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object | |||
| CVE-2015-0263 | medium | — | 5.0 | 11y ago | Apache Camel XML External Entity vulnerability | |||
| CVE-2015-4158 | medium | — | 5.0 | 11y ago | SAP ABAP & Java Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2121661. | |||
| CVE-2015-4157 | medium | — | 5.0 | 11y ago | SAP Content Server allows remote attackers to cause a denial of service (service termination) via unspecified vectors, aka SAP Security Note 2127995. | |||
| CVE-2015-2278 | medium | — | 5.0 | 11y ago | The LZH decompression implementation (CsObjectInt::BuildHufTree function in vpa108csulzh.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Application Server Java, Netweaver… | |||
| CVE-2015-0745 | medium | — | 5.0 | 11y ago | Cisco Headend System Release allows remote attackers to read temporary script files or archive files, and consequently obtain sensitive information, via a crafted header in an HTTP request, aka Bug I… | |||
| CVE-2015-0743 | medium | — | 5.0 | 11y ago | Cisco Headend System Release allows remote attackers to cause a denial of service (DHCP and TFTP outage) via a flood of crafted UDP traffic, aka Bug ID CSCus04097. | |||
| CVE-2015-0757 | medium | — | 5.0 | 11y ago | The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by read… | |||
| CVE-2015-3906 | medium | — | 5.0 | 11y ago | The logcat_dump_text function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not properly handle a lack of \0 termination, which allows remote attackers … | |||
| CVE-2015-3815 | medium | — | 5.0 | 11y ago | The detect_version function in wiretap/logcat.c in the Android Logcat file parser in Wireshark 1.12.x before 1.12.5 does not check the length of the payload, which allows remote attackers to cause a … | |||
| CVE-2015-3814 | medium | — | 5.0 | 11y ago | The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 inter… | |||
| CVE-2015-3813 | medium | — | 5.0 | 11y ago | The fragment_add_work function in epan/reassemble.c in the packet-reassembly feature in Wireshark 1.12.x before 1.12.5 does not properly determine the defragmentation state in a case of an insufficie… | |||
| CVE-2015-3811 | medium | — | 5.0 | 11y ago | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a… | |||
| CVE-2015-1909 | medium | — | 5.0 | 11y ago | The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attack… | |||
| CVE-2015-1895 | medium | — | 5.0 | 11y ago | IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authorization, which allows remote attackers to bypass intended access restrictions by modifying the clien… | |||
| CVE-2015-0746 | medium | — | 5.0 | 11y ago | The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows remote attackers to cause a denial of service (API outage) by sending many requests, aka Bug ID CSCut62022. | |||
| CVE-2015-3912 | medium | — | 5.0 | 11y ago | Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and WEBUI before 13.100.04.01.625 allows remote attackers to obtain sensitive configuration information by sniffing the network or sendi… | |||
| CVE-2015-0742 | medium | — | 5.0 | 11y ago | The Protocol Independent Multicast (PIM) application in Cisco Adaptive Security Appliance (ASA) Software 9.2(0.0), 9.2(0.104), 9.2(3.1), 9.2(3.4), 9.3(1.105), 9.3(2.100), 9.4(0.115), 100.13(0.21), 10… | |||
| CVE-2015-4016 | medium | — | 5.0 | 11y ago | The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. | |||
| CVE-2015-1261 | medium | — | 5.0 | 11y ago | android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during constructio… | |||
| CVE-2015-1254 | medium | — | 5.0 | 11y ago | core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by le… | |||
| CVE-2015-3407 | medium | — | 5.0 | 11y ago | Module::Signature before 0.74 allows remote attackers to bypass signature verification for files via a signature file that does not list the files. | |||
| CVE-2015-2704 | medium | — | 5.0 | 11y ago | realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. | |||
| CVE-2015-0730 | medium | — | 5.0 | 11y ago | The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) allows remote attackers to cause a denial of service (module reload) via an invalid field in a Negotiate Protocol request, aka Bug… | |||
| CVE-2015-3301 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to rea… | |||
| CVE-2015-0971 | medium | — | 5.0 | 11y ago | The DER parser in Suricata before 2.0.8 allows remote attackers to cause a denial of service (crash) via vectors related to SSL/TLS certificates. | |||
| CVE-2015-3326 | medium | — | 5.0 | 11y ago | Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predi… | |||
| CVE-2015-3900 | medium | — | 5.0 | 11y ago | RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… | |||
| CVE-2015-3092 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3091 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3079 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3058 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. | |||
| CVE-2015-3047 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||
| CVE-2015-1716 | medium | — | 5.0 | 11y ago | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8… | |||
| CVE-2015-1672 | medium | — | 5.0 | 11y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XM… | |||
| CVE-2015-3981 | medium | — | 5.0 | 11y ago | SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||
| CVE-2015-3451 | medium | — | 5.0 | 11y ago | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to t… | |||
| CVE-2015-2668 | medium | — | 5.0 | 11y ago | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | |||
| CVE-2015-2222 | medium | — | 5.0 | 11y ago | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | |||
| CVE-2015-2221 | medium | — | 5.0 | 11y ago | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | |||
| CVE-2015-2170 | medium | — | 5.0 | 11y ago | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2015-0531 | medium | — | 5.0 | 11y ago | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||
| CVE-2015-3633 | medium | — | 5.0 | 11y ago | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | |||
| CVE-2015-3153 | medium | — | 5.0 | 11y ago | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information… | |||
| CVE-2015-0914 | medium | — | 5.0 | 11y ago | EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. | |||
| CVE-2015-0712 | medium | — | 5.0 | 11y ago | The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malforme… | |||
| CVE-2015-3457 | medium | — | 5.0 | 11y ago | Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter. | |||
| CVE-2015-3026 | medium | — | 5.0 | 11y ago | Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without log… | |||
| CVE-2015-0711 | medium | — | 5.0 | 11y ago | The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processin… | |||
| CVE-2015-1151 | medium | — | 5.0 | 11y ago | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||
| CVE-2015-1150 | medium | — | 5.0 | 11y ago | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for wh… | |||
| CVE-2015-0113 | medium | — | 5.0 | 11y ago | The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 an… | |||
| CVE-2015-3148 | medium | — | 5.0 | 11y ago | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | |||
| CVE-2015-3143 | medium | — | 5.0 | 11y ago | cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0… | |||
| CVE-2015-0846 | medium | — | 5.0 | 11y ago | django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors. | |||
| CVE-2015-0911 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | |||
| CVE-2015-3391 | medium | — | 5.0 | 11y ago | The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. | |||
| CVE-2015-3373 | medium | — | 5.0 | 11y ago | The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backu… | |||
| CVE-2015-1247 | medium | — | 5.0 | 11y ago | The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch d… | |||
| CVE-2015-1246 | medium | — | 5.0 | 11y ago | Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2015-1244 | medium | — | 5.0 | 11y ago | The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which… | |||
| CVE-2015-1240 | medium | — | 5.0 | 11y ago | gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL p… | |||
| CVE-2015-1235 | medium | — | 5.0 | 11y ago | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origi… | |||
| CVE-2015-0969 | medium | — | 5.0 | 11y ago | SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | |||
| CVE-2015-0938 | medium | — | 5.0 | 11y ago | search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents… | |||
| CVE-2015-3323 | medium | — | 5.0 | 11y ago | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of serv… | |||
| CVE-2015-3322 | medium | — | 5.0 | 11y ago | Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwo… | |||
| CVE-2015-2568 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileg… | |||
| CVE-2015-0488 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. | |||
| CVE-2015-0486 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | |||
| CVE-2015-0464 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote attackers… | |||
| CVE-2015-0449 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related … | |||
| CVE-2015-0440 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Informa… | |||
| CVE-2015-3319 | medium | — | 5.0 | 11y ago | Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script a… | |||
| CVE-2015-0699 | medium | — | 5.0 | 11y ago | SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands … | |||
| CVE-2015-3044 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain se… | |||
| CVE-2015-3040 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allow… | |||
| CVE-2015-0357 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allow… | |||
| CVE-2015-0844 | medium | — | 5.0 | 11y ago | The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||
| CVE-2015-1819 | medium | — | 5.0 | 11y ago | Nokogiri vulnerable to libxml XML Entity Expansion | |||
| CVE-2015-2935 | medium | — | 5.0 | 11y ago | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style el… | |||
| CVE-2015-0694 | medium | — | 5.0 | 11y ago | Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restr… | |||
| CVE-2015-3027 | medium | — | 5.0 | 11y ago | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers … | |||
| CVE-2015-2779 | medium | — | 5.0 | 11y ago | Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage. | |||
| CVE-2015-2778 | medium | — | 5.0 | 11y ago | Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte c… | |||
| CVE-2015-1148 | medium | — | 5.0 | 11y ago | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. |