CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0227 | medium | — | 5.0 | 12y ago | Improper Access Control in Apache WSS4J | |||
| CVE-2015-0619 | medium | — | 5.0 | 12y ago | Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL out… | |||
| CVE-2015-1548 | medium | — | 5.0 | 12y ago | mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calc… | |||
| CVE-2015-0602 | medium | — | 5.0 | 12y ago | The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | |||
| CVE-2015-0600 | medium | — | 5.0 | 12y ago | The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. | |||
| CVE-2015-0604 | medium | — | 5.0 | 12y ago | The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, a… | |||
| CVE-2015-1210 | medium | — | 5.0 | 12y ago | The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and b… | |||
| CVE-2015-1480 | medium | — | 5.0 | 12y ago | ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a dire… | |||
| CVE-2015-1463 | medium | — | 5.0 | 12y ago | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | |||
| CVE-2015-1382 | medium | — | 5.0 | 12y ago | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. | |||
| CVE-2015-1381 | medium | — | 5.0 | 12y ago | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. | |||
| CVE-2015-1380 | medium | — | 5.0 | 12y ago | jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | |||
| CVE-2015-1453 | medium | — | 5.0 | 12y ago | The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive da… | |||
| CVE-2015-0223 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. | |||
| CVE-2015-1357 | medium | — | 5.0 | 12y ago | Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with … | |||
| CVE-2015-0597 | medium | — | 5.0 | 12y ago | The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67… | |||
| CVE-2015-0595 | medium | — | 5.0 | 12y ago | The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. | |||
| CVE-2015-1419 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. | |||
| CVE-2015-1376 | medium | — | 5.0 | 12y ago | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host… | |||
| CVE-2015-1309 | medium | — | 5.0 | 12y ago | XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML reques… | |||
| CVE-2015-1306 | medium | — | 5.0 | 12y ago | The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-0426 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2015-1193 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||
| CVE-2015-1192 | medium | — | 5.0 | 12y ago | Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. | |||
| CVE-2015-1191 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||
| CVE-2015-0410 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows rem… | |||
| CVE-2015-0407 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. | |||
| CVE-2015-0400 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | |||
| CVE-2015-0375 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. | |||
| CVE-2015-0372 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2015-0368 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affec… | |||
| CVE-2015-0367 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related… | |||
| CVE-2015-0366 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a … | |||
| CVE-2015-0362 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to … | |||
| CVE-2015-0867 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. | |||
| CVE-2015-0516 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | |||
| CVE-2015-1201 | medium | — | 5.0 | 12y ago | Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2015-1030 | medium | — | 5.0 | 12y ago | Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are… | |||
| CVE-2015-0590 | medium | — | 5.0 | 12y ago | Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action… | |||
| CVE-2015-0221 | medium | — | 5.0 | 12y ago | The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of servic… | |||
| CVE-2015-0591 | medium | — | 5.0 | 12y ago | Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. | |||
| CVE-2015-0583 | medium | — | 5.0 | 12y ago | Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | |||
| CVE-2015-0579 | medium | — | 5.0 | 12y ago | Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, … | |||
| CVE-2015-0302 | medium | — | 5.0 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-0582 | medium | — | 5.0 | 12y ago | The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. | |||
| CVE-2015-0564 | medium | — | 5.0 | 12y ago | Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of serv… | |||
| CVE-2015-0563 | medium | — | 5.0 | 12y ago | epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remot… | |||
| CVE-2015-0562 | medium | — | 5.0 | 12y ago | Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attack… | |||
| CVE-2015-0561 | medium | — | 5.0 | 12y ago | asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (… | |||
| CVE-2015-0560 | medium | — | 5.0 | 12y ago | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data str… | |||
| CVE-2015-0559 | medium | — | 5.0 | 12y ago | Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of … | |||
| CVE-2015-0921 | medium | — | 5.0 | 12y ago | XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the… | |||
| CVE-2015-0206 | medium | — | 5.0 | 12y ago | Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending… | |||
| CVE-2015-0205 | medium | — | 5.0 | 12y ago | The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a Certific… | |||
| CVE-2015-8086 | medium | 4.9 | 4.9 | 10y ago | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S530… | |||
| CVE-2015-8085 | medium | 4.9 | 4.9 | 10y ago | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S530… | |||
| CVE-2015-3251 | medium | 4.9 | 4.9 | 11y ago | Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API ca… | |||
| CVE-2015-6394 | medium | — | 4.9 | 11y ago | The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. | |||
| CVE-2015-6369 | medium | — | 4.9 | 11y ago | The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that tri… | |||
| CVE-2015-7812 | medium | — | 4.9 | 11y ago | The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multic… | |||
| CVE-2015-5307 | medium | — | 4.9 | 11y ago | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Chec… | |||
| CVE-2015-5257 | medium | — | 4.9 | 11y ago | drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified oth… | |||
| CVE-2015-6095 | medium | — | 4.9 | 11y ago | Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1… | |||
| CVE-2015-7970 | medium | — | 4.9 | 11y ago | The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU cons… | |||
| CVE-2015-7969 | medium | — | 4.9 | 11y ago | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" … | |||
| CVE-2015-4894 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server 10.3.0.3, 11.3.0.2, and 12.1.0.0 allows remote authenticated users to affect integrity and availability … | |||
| CVE-2015-4869 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2015-4856 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unkn… | |||
| CVE-2015-4831 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822. | |||
| CVE-2015-7833 | medium | — | 4.9 | 11y ago | The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of serv… | |||
| CVE-2015-7799 | medium | — | 4.9 | 11y ago | The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL po… | |||
| CVE-2015-6937 | medium | — | 4.9 | 11y ago | The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have u… | |||
| CVE-2015-0275 | medium | — | 4.9 | 11y ago | The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. | |||
| CVE-2015-4265 | medium | — | 4.9 | 11y ago | Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C… | |||
| CVE-2015-5902 | medium | — | 4.9 | 11y ago | The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-7306 | medium | — | 4.9 | 11y ago | The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access ad… | |||
| CVE-2015-5440 | medium | — | 4.9 | 11y ago | HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5189 | medium | — | 4.9 | 11y ago | Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for sec… | |||
| CVE-2015-6526 | medium | — | 4.9 | 11y ago | The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-… | |||
| CVE-2015-4700 | medium | — | 4.9 | 11y ago | The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then lo… | |||
| CVE-2015-3212 | medium | — | 4.9 | 11y ago | Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets,… | |||
| CVE-2015-1333 | medium | — | 4.9 | 11y ago | Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system cal… | |||
| CVE-2015-4277 | medium | — | 4.9 | 11y ago | The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial… | |||
| CVE-2015-5515 | medium | — | 4.9 | 11y ago | The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts an… | |||
| CVE-2015-5747 | medium | — | 4.9 | 11y ago | The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. | |||
| CVE-2015-1331 | medium | — | 4.9 | 11y ago | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||
| CVE-2015-3636 | medium | — | 4.9 | 11y ago | The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges … | |||
| CVE-2015-4290 | medium | — | 4.9 | 11y ago | The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID… | |||
| CVE-2015-4692 | medium | — | 4.9 | 11y ago | The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have… | |||
| CVE-2015-4770 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. | |||
| CVE-2015-3244 | medium | — | 4.9 | 11y ago | The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted reso… | |||
| CVE-2015-2616 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows local users to affect availability via unknown vectors related to DevFS. | |||
| CVE-2015-2614 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. | |||
| CVE-2015-2609 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. | |||
| CVE-2015-2589 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. | |||
| CVE-2015-4164 | medium | — | 4.9 | 11y ago | The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via … | |||
| CVE-2015-4163 | medium | — | 4.9 | 11y ago | GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hyperca… | |||
| CVE-2015-4351 | medium | — | 4.9 | 11y ago | The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. | |||
| CVE-2015-4105 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operation… | |||
| CVE-2015-4103 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handli… |