CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1010 | medium | — | 4.9 | 11y ago | Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decr… | |||
| CVE-2015-3332 | medium | — | 4.9 | 11y ago | A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allows local users to cause a denial of service (system crash) v… | |||
| CVE-2015-3378 | medium | — | 4.9 | 11y ago | Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated us… | |||
| CVE-2015-2575 | medium | — | 4.9 | 11y ago | Improper Access Control in MySQL Connectors Java | |||
| CVE-2015-0490 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 allows remote authenticated users to affect confidentiality and integ… | |||
| CVE-2015-1141 | medium | — | 4.9 | 11y ago | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | |||
| CVE-2015-1138 | medium | — | 4.9 | 11y ago | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-2756 | medium | — | 4.9 | 11y ago | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and … | |||
| CVE-2015-2752 | medium | — | 4.9 | 11y ago | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host… | |||
| CVE-2015-0199 | medium | — | 4.9 | 11y ago | The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corrupt… | |||
| CVE-2015-2150 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable… | |||
| CVE-2015-0268 | medium | — | 4.9 | 11y ago | The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (… | |||
| CVE-2015-0606 | medium | — | 4.9 | 12y ago | The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | |||
| CVE-2015-1377 | medium | — | 4.9 | 12y ago | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||
| CVE-2015-1457 | medium | — | 4.9 | 12y ago | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||
| CVE-2015-0428 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. | |||
| CVE-2015-0371 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via u… | |||
| CVE-2015-2148 | medium | 4.8 | 4.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-2144 | medium | 4.8 | 4.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name paramet… | |||
| CVE-2015-9230 | medium | 4.8 | 4.8 | 9y ago | In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefi… | |||
| CVE-2015-9229 | medium | 4.8 | 4.8 | 9y ago | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | |||
| CVE-2015-3161 | medium | 4.8 | 4.8 | 9y ago | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | |||
| CVE-2015-8140 | medium | 4.8 | 4.8 | 10y ago | The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||
| CVE-2015-6295 | medium | — | 4.8 | 11y ago | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic f… | |||
| CVE-2015-3774 | medium | — | 4.8 | 11y ago | The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modif… | |||
| CVE-2015-5521 | medium | 4.8 | 4.8 | 11y ago | Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. | |||
| CVE-2015-3728 | medium | — | 4.8 | 11y ago | The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID with… | |||
| CVE-2015-0296 | medium | 4.7 | 4.7 | 9y ago | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file… | |||
| CVE-2015-3248 | medium | 4.7 | 4.7 | 9y ago | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly set up, to fill the filesystem hostin… | |||
| CVE-2015-7553 | medium | 4.7 | 4.7 | 9y ago | Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by… | |||
| CVE-2015-2687 | medium | 4.7 | 4.7 | 9y ago | OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. | |||
| CVE-2015-3142 | medium | 4.7 | 4.7 | 9y ago | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensi… | |||
| CVE-2015-7493 | medium | 4.7 | 4.7 | 9y ago | IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | |||
| CVE-2015-4170 | medium | 4.7 | 4.7 | 10y ago | Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_do… | |||
| CVE-2015-7328 | medium | 4.7 | 4.7 | 11y ago | Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during th… | |||
| CVE-2015-8508 | medium | 4.7 | 4.7 | 11y ago | Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot conf… | |||
| CVE-2015-7438 | medium | 4.7 | 4.7 | 11y ago | IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. | |||
| CVE-2015-8340 | medium | — | 4.7 | 11y ago | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host cr… | |||
| CVE-2015-8339 | medium | — | 4.7 | 11y ago | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host … | |||
| CVE-2015-7814 | medium | — | 4.7 | 11y ago | Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vecto… | |||
| CVE-2015-5283 | medium | — | 4.7 | 11y ago | The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic… | |||
| CVE-2015-5914 | medium | — | 4.7 | 11y ago | The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted cod… | |||
| CVE-2015-2453 | medium | — | 4.7 | 11y ago | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT… | |||
| CVE-2015-4167 | medium | — | 4.7 | 11y ago | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data represen… | |||
| CVE-2015-0011 | medium | — | 4.7 | 12y ago | mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |||
| CVE-2015-6839 | medium | 4.6 | 4.6 | 9y ago | The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted R… | |||
| CVE-2015-7846 | medium | 4.6 | 4.6 | 9y ago | Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | |||
| CVE-2015-8324 | medium | 4.6 | 4.6 | 10y ago | The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of servi… | |||
| CVE-2015-8512 | medium | 4.6 | 4.6 | 11y ago | The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by enterin… | |||
| CVE-2015-7062 | medium | — | 4.6 | 11y ago | Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. | |||
| CVE-2015-7057 | medium | — | 4.6 | 11y ago | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. | |||
| CVE-2015-7049 | medium | — | 4.6 | 11y ago | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||
| CVE-2015-1342 | medium | — | 4.6 | 11y ago | LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||
| CVE-2015-0856 | medium | — | 4.6 | 11y ago | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated … | |||
| CVE-2015-8222 | medium | — | 4.6 | 11y ago | The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via un… | |||
| CVE-2015-4625 | medium | — | 4.6 | 11y ago | Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers… | |||
| CVE-2015-3256 | medium | — | 4.6 | 11y ago | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "java… | |||
| CVE-2015-3255 | medium | — | 4.6 | 11y ago | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in a… | |||
| CVE-2015-4907 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnera… | |||
| CVE-2015-4891 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. | |||
| CVE-2015-4879 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2015-5707 | medium | — | 4.6 | 11y ago | Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-1810 | medium | — | 4.6 | 11y ago | Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation | |||
| CVE-2015-6333 | medium | — | 4.6 | 11y ago | Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||
| CVE-2015-5897 | medium | — | 4.6 | 11y ago | The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||
| CVE-2015-5442 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-5426 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | |||
| CVE-2015-6745 | medium | — | 4.6 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NO… | |||
| CVE-2015-5706 | medium | — | 4.6 | 11y ago | Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-3759 | medium | — | 4.6 | 11y ago | Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||
| CVE-2015-4482 | medium | — | 4.6 | 11y ago | mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name o… | |||
| CVE-2015-3286 | medium | — | 4.6 | 11y ago | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large grou… | |||
| CVE-2015-1334 | medium | — | 4.6 | 11y ago | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1… | |||
| CVE-2015-3957 | medium | — | 4.6 | 11y ago | Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||
| CVE-2015-4237 | medium | — | 4.6 | 11y ago | The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted cha… | |||
| CVE-2015-4232 | medium | — | 4.6 | 11y ago | Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. | |||
| CVE-2015-3726 | medium | — | 4.6 | 11y ago | The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. | |||
| CVE-2015-1950 | medium | — | 4.6 | 11y ago | IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain Po… | |||
| CVE-2015-1959 | medium | — | 4.6 | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted f… | |||
| CVE-2015-3318 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-3317 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-3316 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-4106 | medium | — | 4.6 | 11y ago | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host c… | |||
| CVE-2015-1322 | medium | — | 4.6 | 11y ago | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0u… | |||
| CVE-2015-2042 | medium | — | 4.6 | 11y ago | net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly hav… | |||
| CVE-2015-2041 | medium | — | 4.6 | 11y ago | net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or poss… | |||
| CVE-2015-1572 | medium | — | 4.6 | 11y ago | Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as d… | |||
| CVE-2015-0247 | medium | — | 4.6 | 11y ago | Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | |||
| CVE-2015-0603 | medium | — | 4.6 | 12y ago | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing… | |||
| CVE-2015-0601 | medium | — | 4.6 | 12y ago | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | |||
| CVE-2015-0392 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availa… | |||
| CVE-2015-7418 | medium | 4.4 | 4.4 | 9y ago | IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator pri… | |||
| CVE-2015-7462 | medium | 4.4 | 4.4 | 10y ago | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcert… | |||
| CVE-2015-5208 | medium | 4.4 | 4.4 | 10y ago | Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||
| CVE-2015-8552 | medium | 4.4 | 4.4 | 10y ago | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messag… | |||
| CVE-2015-2008 | medium | 4.4 | 4.4 | 10y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive … | |||
| CVE-2015-7509 | medium | 4.4 | 4.4 | 11y ago | fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | |||
| CVE-2015-7312 | medium | — | 4.4 | 11y ago | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-aft… | |||
| CVE-2015-2642 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | |||
| CVE-2015-2132 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. |