CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5688 | medium | — | 5.0 | 11y ago | Directory Traversal in geddy | |||
| CVE-2015-1300 | medium | — | 5.0 | 11y ago | The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availab… | |||
| CVE-2015-1296 | medium | — | 5.0 | 11y ago | The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0.2454.85 does not prevent display of Unicode LOCK characters in the omnibox, which makes it easier … | |||
| CVE-2015-1292 | medium | — | 5.0 | 11y ago | The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the S… | |||
| CVE-2015-6274 | medium | — | 5.0 | 11y ago | The IPv4 implementation on Cisco ASR 1000 devices with software 15.5(3)S allows remote attackers to cause a denial of service (ESP QFP CPU consumption) by triggering packet fragmentation and reassemb… | |||
| CVE-2015-6736 | medium | — | 5.0 | 11y ago | The Quiz extension for MediaWiki allows remote attackers to cause a denial of service via regex metacharacters in a regular expression. | |||
| CVE-2015-6735 | medium | — | 5.0 | 11y ago | The reset functionality in the TimedMediaHandler extension for MediaWiki does not create a new transcode, which allows remote attackers to cause a denial of service (transcode deletion) by resetting … | |||
| CVE-2015-6733 | medium | — | 5.0 | 11y ago | GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2, allows remote attackers to cause a denial of service (resource cons… | |||
| CVE-2015-6727 | medium | — | 5.0 | 11y ago | The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" t… | |||
| CVE-2015-6747 | medium | — | 5.0 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent access to private keys, which allows remote attackers to spoof communications with banks via unspecified vectors. NOTE: this ident… | |||
| CVE-2015-5366 | medium | — | 5.0 | 11y ago | The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET e… | |||
| CVE-2015-6266 | medium | — | 5.0 | 11y ago | The guest portal in Cisco Identity Services Engine (ISE) 3300 1.2(0.899) does not restrict access to uploaded HTML documents, which allows remote attackers to obtain sensitive information from custom… | |||
| CVE-2015-5430 | medium | — | 5.0 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-3221 | medium | — | 5.0 | 11y ago | OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 (kilo), when using the IPTables firewall driver, allows remote authenticated users to cause a denial of service (L2 agent crash) … | |||
| CVE-2015-3269 | medium | — | 5.0 | 11y ago | Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe LiveCycle Data Services (LCDS) 3.0.x before 3.0.0.354170, 4.5 before 4.5.1.354169, 4.6.2 before 4.6.2.354169, and 4.7 before 4.7.0.354… | |||
| CVE-2015-6661 | medium | — | 5.0 | 11y ago | Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to obtain sensitive node titles by reading the menu. | |||
| CVE-2015-6524 | medium | — | 5.0 | 11y ago | Improper Input Validation in Apache ActiveMQ | |||
| CVE-2015-6496 | medium | — | 5.0 | 11y ago | conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that the optional kernel modules are loaded before using them, which allows remote attackers to cause a denial of service (crash) via a… | |||
| CVE-2015-6251 | medium | — | 5.0 | 11y ago | Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service via a long DistinguishedName (DN) entry in a certificate. | |||
| CVE-2015-5964 | medium | — | 5.0 | 11y ago | The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty ses… | |||
| CVE-2015-5963 | medium | — | 5.0 | 11y ago | contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service … | |||
| CVE-2015-4938 | medium | — | 5.0 | 11y ago | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 allows remote attackers to spoof servlets and obtain sensitive information via unspecified vector… | |||
| CVE-2015-1932 | medium | — | 5.0 | 11y ago | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.7 and WebSphere Virtual Enterprise before 7.0.0.7 allow remote attackers to obtain potentially sens… | |||
| CVE-2015-2984 | medium | — | 5.0 | 11y ago | I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |||
| CVE-2015-6258 | medium | — | 5.0 | 11y ago | The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN Controller (WLC) devices with software 8.1(104.37) allows remote attackers to trigger incorrect traffic forwarding via crafted I… | |||
| CVE-2015-6256 | medium | — | 5.0 | 11y ago | Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote attackers to cause a denial of service (OSPF process restart) via crafted length fields in headers of OSPF packets, aka Bug ID CSCuv628… | |||
| CVE-2015-4318 | medium | — | 5.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in a GET request, aka Bug ID CSCuv40528. | |||
| CVE-2015-4321 | medium | — | 5.0 | 11y ago | The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco Adaptive Security Appliance (ASA) Software 9.3(1.50), 9.3(2.100), 9.3(3), and 9.4(1) mishandles cases where an IP address belongs to… | |||
| CVE-2015-4317 | medium | — | 5.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote attackers to cause a denial of service via invalid variables in an authentication packet, aka Bug ID CSCuv40469. | |||
| CVE-2015-4296 | medium | — | 5.0 | 11y ago | Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software 6.0(2)A6(1) allows remote attackers to cause a denial of service (Java process restart) via crafted connections to the Java applicati… | |||
| CVE-2015-5512 | medium | — | 5.0 | 11y ago | The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to access Views using the "me" user argument handler by substituting "me" for a user id in … | |||
| CVE-2015-5511 | medium | — | 5.0 | 11y ago | The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal allows remote attackers to bypass the user registration by administrator only configuration and create an account via a social lo… | |||
| CVE-2015-5506 | medium | — | 5.0 | 11y ago | The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal does not check the status of an entity when indexing, which allows remote attackers to obtain information about unpublished content … | |||
| CVE-2015-5498 | medium | — | 5.0 | 11y ago | The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not check the view permission for the shipments overview (admin/shipwire/shipments), which allows remote attackers to obtain sensitive … | |||
| CVE-2015-5496 | medium | — | 5.0 | 11y ago | The pass2pdf module for Drupal does not restrict access to generated PDF files, which allows remote attackers to obtain user passwords via unspecified vectors. | |||
| CVE-2015-5493 | medium | — | 5.0 | 11y ago | The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not properly check permissions when a form is locked to a role, which allows remote attackers to obtain access to certain entityform… | |||
| CVE-2015-5490 | medium | — | 5.0 | 11y ago | The _views_fetch_data method in includes/cache.inc in the Views module 7.x-3.5 through 7.x-3.10 for Drupal does not rebuild the full cache if the static cache is not empty, which allows remote attack… | |||
| CVE-2015-5766 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling. | |||
| CVE-2015-5759 | medium | — | 5.0 | 11y ago | WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof clicks via a crafted web site that leverages tap events. | |||
| CVE-2015-5752 | medium | — | 5.0 | 11y ago | Backup in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via a crafted app that creates a symlink. | |||
| CVE-2015-5746 | medium | — | 5.0 | 11y ago | AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on filesystem access via an afc command that leverages symlink mishandling. | |||
| CVE-2015-3784 | medium | — | 5.0 | 11y ago | Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an en… | |||
| CVE-2015-3762 | medium | — | 5.0 | 11y ago | The Text Formats component in Apple OS X before 10.10.5, as used in TextEdit, allows remote attackers to read arbitrary files via a text file containing an XML external entity declaration in conjunct… | |||
| CVE-2015-3753 | medium | — | 5.0 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly perform taint checking for CANVAS elements, which allows… | |||
| CVE-2015-3752 | medium | — | 5.0 | 11y ago | The Content Security Policy implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not properly restrict c… | |||
| CVE-2015-3751 | medium | — | 5.0 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to bypass a Content Security Policy protection mec… | |||
| CVE-2015-4484 | medium | — | 5.0 | 11y ago | The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of servi… | |||
| CVE-2015-4478 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not impose certain ECMAScript 6 requirements on JavaScript object properties, which allows remote attackers to bypass the Same Origin P… | |||
| CVE-2015-3155 | medium | — | 5.0 | 11y ago | Foreman before 1.8.1 does not set the secure flag for the _session_id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission wi… | |||
| CVE-2015-1816 | medium | — | 5.0 | 11y ago | Forman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-middle attackers to spoof LDAP servers via a crafted certificate. | |||
| CVE-2015-3184 | medium | — | 5.0 | 11y ago | mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read… | |||
| CVE-2015-0851 | medium | — | 5.0 | 11y ago | XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service Provider (SP), does not properly handle integer conversion exceptions, which allows remote attackers to cause a denial of servi… | |||
| CVE-2015-5965 | medium | — | 5.0 | 11y ago | The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a craft… | |||
| CVE-2015-5962 | medium | — | 5.0 | 11y ago | Integer signedness error in the SharedBufferManagerParent::RecvAllocateGrallocBuffer function in the buffer-management implementation in the graphics layer in Mozilla Firefox OS before 2.2 might allo… | |||
| CVE-2015-4936 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through 8.6.0.8 allows remote attackers to cause a denial of service via unknown vectors. | |||
| CVE-2015-4293 | medium | — | 5.0 | 11y ago | The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packet… | |||
| CVE-2015-4286 | medium | — | 5.0 | 11y ago | The web framework in Cisco UCS Central Software 1.3(0.99) allows remote attackers to read arbitrary files via a crafted HTTP request, aka Bug ID CSCuu41377. | |||
| CVE-2015-2978 | medium | — | 5.0 | 11y ago | Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation." | |||
| CVE-2015-4287 | medium | — | 5.0 | 11y ago | Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower 9000 devices allows remote attackers to bypass intended access restrictions and obtain sensitive device information by visiting an u… | |||
| CVE-2015-2974 | medium | — | 5.0 | 11y ago | LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to upload arbitrary HTML documents via vectors involving a crafted image file. | |||
| CVE-2015-2847 | medium | — | 5.0 | 11y ago | Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side authentication involving JavaScript, which allows remote attackers to bypass intended access restrictions by removing USERACCT requests… | |||
| CVE-2015-4945 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 through 7.5.1.2 for Android allows attackers to bypass a passcode protection mechanism and obtain sensitive information via a cr… | |||
| CVE-2015-2975 | medium | — | 5.0 | 11y ago | Research Artisan Lite before 1.18 does not ensure that a user has authenticated, which allows remote attackers to perform unspecified actions via unknown vectors. | |||
| CVE-2015-4285 | medium | — | 5.0 | 11y ago | The Local Packet Transport Services (LPTS) implementation in Cisco IOS XR 5.1.2, 5.1.3, 5.2.1, and 5.2.2 on ASR9k devices makes incorrect decisions about the opening of TCP and UDP ports during the p… | |||
| CVE-2015-5605 | medium | — | 5.0 | 11y ago | The regular-expression implementation in Google V8, as used in Google Chrome before 44.0.2403.89, mishandles interrupts, which allows remote attackers to cause a denial of service (application crash)… | |||
| CVE-2015-1285 | medium | — | 5.0 | 11y ago | The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which … | |||
| CVE-2015-4284 | medium | — | 5.0 | 11y ago | The Concurrent Data Management Replication process in Cisco IOS XR 5.3.0 on ASR 9000 devices allows remote attackers to cause a denial of service (BGP process reload) via malformed BGPv4 packets, aka… | |||
| CVE-2015-4651 | medium | — | 5.0 | 11y ago | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available… | |||
| CVE-2015-2869 | medium | — | 5.0 | 11y ago | The FileInfo plugin before 2.22 for Ghisler Total Commander allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via (1) a large Size value in the Archive M… | |||
| CVE-2015-3183 | medium | — | 5.0 | 11y ago | The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a… | |||
| CVE-2015-2862 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote authenticated users … | |||
| CVE-2015-0253 | medium | — | 5.0 | 11y ago | The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NUL… | |||
| CVE-2015-4280 | medium | — | 5.0 | 11y ago | Cisco Prime Collaboration Assurance 10.0 allows remote attackers to cause a denial of service (HTTP service outage) via a crafted HTTP request, aka Bug ID CSCum38844. | |||
| CVE-2015-4275 | medium | — | 5.0 | 11y ago | The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 devices with software 18.0.0.59167 and 18.0.0.59211 allows remote attackers to cause a denial of service via a malformed header i… | |||
| CVE-2015-5363 | medium | — | 5.0 | 11y ago | The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48… | |||
| CVE-2015-5360 | medium | — | 5.0 | 11y ago | IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before 12.1X46-D36, 12.1X46 before 12.1X46-D40, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D20, 13.2 befor… | |||
| CVE-2015-5357 | medium | — | 5.0 | 11y ago | The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a de… | |||
| CVE-2015-4755 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2015-4751 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect availability via unknown vectors related to Authen… | |||
| CVE-2015-4750 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle VM Server for SPARC component in Oracle Sun Systems Products Suite 3.2 allows remote attackers to affect availability via vectors related to LDOM Manager. | |||
| CVE-2015-4742 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect availability via vectors … | |||
| CVE-2015-4735 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1, and EM DB Control 11.2.0.3 and 11.2.0.4, allows … | |||
| CVE-2015-2659 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security. | |||
| CVE-2015-2658 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Support. | |||
| CVE-2015-2652 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via un… | |||
| CVE-2015-2637 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||
| CVE-2015-2632 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||
| CVE-2015-2621 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33, allows remote attackers to affect confidentiality via vectors related to JMX. | |||
| CVE-2015-2619 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX 2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | |||
| CVE-2015-2615 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors re… | |||
| CVE-2015-2613 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. | |||
| CVE-2015-2607 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers t… | |||
| CVE-2015-2601 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, JRockit R28.3.6, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JCE. | |||
| CVE-2015-5092 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-5089 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-5088 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-4450 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-4449 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-4444 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-4443 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… |