CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1147 | medium | — | 5.0 | 11y ago | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitiv… | |||
| CVE-2015-1128 | medium | — | 5.0 | 11y ago | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-n… | |||
| CVE-2015-1118 | medium | — | 5.0 | 11y ago | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configurat… | |||
| CVE-2015-1112 | medium | — | 5.0 | 11y ago | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which all… | |||
| CVE-2015-1111 | medium | — | 5.0 | 11y ago | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | |||
| CVE-2015-1110 | medium | — | 5.0 | 11y ago | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | |||
| CVE-2015-1105 | medium | — | 5.0 | 11y ago | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows … | |||
| CVE-2015-1104 | medium | — | 5.0 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass a… | |||
| CVE-2015-1092 | medium | — | 5.0 | 11y ago | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, r… | |||
| CVE-2015-1090 | medium | — | 5.0 | 11y ago | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive i… | |||
| CVE-2015-1089 | medium | — | 5.0 | 11y ago | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Ori… | |||
| CVE-2015-0248 | medium | — | 5.0 | 11y ago | The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted … | |||
| CVE-2015-0798 | medium | — | 5.0 | 11y ago | The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute a… | |||
| CVE-2015-0529 | medium | — | 5.0 | 11y ago | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive … | |||
| CVE-2015-0995 | medium | — | 5.0 | 11y ago | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | |||
| CVE-2015-0991 | medium | — | 5.0 | 11y ago | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | |||
| CVE-2015-0902 | medium | — | 5.0 | 11y ago | The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attacker… | |||
| CVE-2015-2820 | medium | — | 5.0 | 11y ago | Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | |||
| CVE-2015-2819 | medium | — | 5.0 | 11y ago | SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | |||
| CVE-2015-2818 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | |||
| CVE-2015-2817 | medium | — | 5.0 | 11y ago | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||
| CVE-2015-2813 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||
| CVE-2015-2812 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Secur… | |||
| CVE-2015-2811 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Not… | |||
| CVE-2015-0808 | medium | — | 5.0 | 11y ago | The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which m… | |||
| CVE-2015-0800 | medium | — | 5.0 | 11y ago | The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it e… | |||
| CVE-2015-2809 | medium | — | 5.0 | 11y ago | The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attack… | |||
| CVE-2015-1892 | medium | — | 5.0 | 11y ago | The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not l… | |||
| CVE-2015-1827 | medium | — | 5.0 | 11y ago | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of ser… | |||
| CVE-2015-1609 | medium | — | 5.0 | 11y ago | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||
| CVE-2015-2348 | medium | — | 5.0 | 11y ago | The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, whic… | |||
| CVE-2015-1352 | medium | — | 5.0 | 11y ago | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denia… | |||
| CVE-2015-0997 | medium | — | 5.0 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes… | |||
| CVE-2015-2773 | medium | — | 5.0 | 11y ago | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-2771 | medium | — | 5.0 | 11y ago | The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2766 | medium | — | 5.0 | 11y ago | The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | |||
| CVE-2015-2762 | medium | — | 5.0 | 11y ago | Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||
| CVE-2015-2748 | medium | — | 5.0 | 11y ago | Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Securi… | |||
| CVE-2015-0672 | medium | — | 5.0 | 11y ago | The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | |||
| CVE-2015-2316 | medium | — | 5.0 | 11y ago | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of servi… | |||
| CVE-2015-0295 | medium | — | 5.0 | 11y ago | The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and cr… | |||
| CVE-2015-2154 | medium | — | 5.0 | 11y ago | The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) l… | |||
| CVE-2015-0282 | medium | — | 5.0 | 11y ago | GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspeci… | |||
| CVE-2015-0671 | medium | — | 5.0 | 11y ago | The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consump… | |||
| CVE-2015-0293 | medium | — | 5.0 | 11y ago | The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure … | |||
| CVE-2015-0291 | medium | — | 5.0 | 11y ago | The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_al… | |||
| CVE-2015-0290 | medium | — | 5.0 | 11y ago | The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases… | |||
| CVE-2015-0289 | medium | — | 5.0 | 11y ago | The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to … | |||
| CVE-2015-0288 | medium | — | 5.0 | 11y ago | The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service… | |||
| CVE-2015-0287 | medium | — | 5.0 | 11y ago | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structur… | |||
| CVE-2015-0286 | medium | — | 5.0 | 11y ago | The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, whi… | |||
| CVE-2015-0207 | medium | — | 5.0 | 11y ago | The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of se… | |||
| CVE-2015-0667 | medium | — | 5.0 | 11y ago | The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted … | |||
| CVE-2015-1084 | medium | — | 5.0 | 11y ago | The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct p… | |||
| CVE-2015-2335 | medium | — | 5.0 | 11y ago | A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. | |||
| CVE-2015-1593 | medium | — | 5.0 | 11y ago | RHSA-2019:3517: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2015-0340 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions v… | |||
| CVE-2015-0337 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecif… | |||
| CVE-2015-2091 | medium | — | 5.0 | 11y ago | The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof client… | |||
| CVE-2015-0133 | medium | — | 5.0 | 11y ago | IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction… | |||
| CVE-2015-1062 | medium | — | 5.0 | 11y ago | MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a craft… | |||
| CVE-2015-1631 | medium | — | 5.0 | 11y ago | Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | |||
| CVE-2015-0089 | medium | — | 5.0 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0087 | medium | — | 5.0 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0201 | medium | — | 5.0 | 11y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2015-2206 | medium | — | 5.0 | 11y ago | libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a… | |||
| CVE-2015-1165 | medium | — | 5.0 | 11y ago | RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | |||
| CVE-2015-1229 | medium | — | 5.0 | 11y ago | net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allo… | |||
| CVE-2015-1226 | medium | — | 5.0 | 11y ago | The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger tar… | |||
| CVE-2015-1225 | medium | — | 5.0 | 11y ago | PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2015-1224 | medium | — | 5.0 | 11y ago | The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are ide… | |||
| CVE-2015-2192 | medium | — | 5.0 | 11y ago | Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a deni… | |||
| CVE-2015-2191 | medium | — | 5.0 | 11y ago | Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a den… | |||
| CVE-2015-2190 | medium | — | 5.0 | 11y ago | epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure … | |||
| CVE-2015-2189 | medium | — | 5.0 | 11y ago | Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of ser… | |||
| CVE-2015-2188 | medium | — | 5.0 | 11y ago | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a d… | |||
| CVE-2015-2187 | medium | — | 5.0 | 11y ago | The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirement… | |||
| CVE-2015-0228 | medium | — | 5.0 | 11y ago | The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a… | |||
| CVE-2015-0659 | medium | — | 5.0 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID C… | |||
| CVE-2015-0657 | medium | — | 5.0 | 11y ago | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | |||
| CVE-2015-2214 | medium | — | 5.0 | 11y ago | NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | |||
| CVE-2015-2209 | medium | — | 5.0 | 11y ago | DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | |||
| CVE-2015-0890 | medium | — | 5.0 | 11y ago | The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vec… | |||
| CVE-2015-0886 | medium | — | 5.0 | 11y ago | Integer Overflow or Wraparound in JBCrypt | |||
| CVE-2015-0885 | medium | — | 5.0 | 11y ago | checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. | |||
| CVE-2015-2076 | medium | — | 5.0 | 11y ago | The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||
| CVE-2015-2075 | medium | — | 5.0 | 11y ago | SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||
| CVE-2015-0832 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and … | |||
| CVE-2015-0830 | medium | — | 5.0 | 11y ago | The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a den… | |||
| CVE-2015-0824 | medium | — | 5.0 | 11y ago | The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and appl… | |||
| CVE-2015-2078 | medium | — | 5.0 | 11y ago | The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5… | |||
| CVE-2015-2077 | medium | — | 5.0 | 11y ago | The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5… | |||
| CVE-2015-2071 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fil… | |||
| CVE-2015-1589 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file. | |||
| CVE-2015-0628 | medium | — | 5.0 | 11y ago | The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | |||
| CVE-2015-1358 | medium | — | 5.0 | 11y ago | The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime f… | |||
| CVE-2015-0617 | medium | — | 5.0 | 11y ago | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13… | |||
| CVE-2015-1574 | medium | — | 5.0 | 11y ago | The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. | |||
| CVE-2015-1546 | medium | — | 5.0 | 12y ago | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matc… | |||
| CVE-2015-1545 | medium | — | 5.0 | 12y ago | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty… |