CVEs from 2015
- Total 7,262
- critical 1,306
- high 1,666
- medium 3,617
- low 554
- % Critical 18.0%
- % with KEV 0.6%
- % with exploit 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3326 | medium | — | 5.0 | 11y ago | Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix Build 3318 and 11.0 before Hot Fix Build 4180 creates session IDs for the web console using a random number generator with predi… | |||
| CVE-2015-3900 | medium | — | 5.0 | 11y ago | RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… | |||
| CVE-2015-3092 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3091 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3079 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3058 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. | |||
| CVE-2015-3047 | medium | — | 5.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||
| CVE-2015-1716 | medium | — | 5.0 | 11y ago | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8… | |||
| CVE-2015-1672 | medium | — | 5.0 | 11y ago | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XM… | |||
| CVE-2015-3981 | medium | — | 5.0 | 11y ago | SAP NetWeaver RFC SDK allows attackers to obtain sensitive information via unspecified vectors, aka SAP Security Note 2084037. | |||
| CVE-2015-3451 | medium | — | 5.0 | 11y ago | The _clone function in XML::LibXML before 2.0119 does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to t… | |||
| CVE-2015-2668 | medium | — | 5.0 | 11y ago | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | |||
| CVE-2015-2222 | medium | — | 5.0 | 11y ago | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | |||
| CVE-2015-2221 | medium | — | 5.0 | 11y ago | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | |||
| CVE-2015-2170 | medium | — | 5.0 | 11y ago | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||
| CVE-2015-0531 | medium | — | 5.0 | 11y ago | EMC SourceOne Email Management before 7.2 does not have a lockout mechanism for invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-force attack. | |||
| CVE-2015-3633 | medium | — | 5.0 | 11y ago | Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via vectors related to digital signatures. | |||
| CVE-2015-3153 | medium | — | 5.0 | 11y ago | The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information… | |||
| CVE-2015-0914 | medium | — | 5.0 | 11y ago | EasyCTF before 1.4 does not validate the session ID, which allows remote attackers to obtain access via a crafted HTTP request. | |||
| CVE-2015-0712 | medium | — | 5.0 | 11y ago | The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and 14.0(600) on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and packet loss) via malforme… | |||
| CVE-2015-3457 | medium | — | 5.0 | 11y ago | Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allow remote attackers to bypass authentication via the forwarded parameter. | |||
| CVE-2015-3026 | medium | — | 5.0 | 11y ago | Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without log… | |||
| CVE-2015-0711 | medium | — | 5.0 | 11y ago | The hamgr service in the IPv6 Proxy Mobile (PM) implementation in Cisco StarOS 18.1.0.59776 on ASR 5000 devices allows remote attackers to cause a denial of service (service reload and call-processin… | |||
| CVE-2015-1151 | medium | — | 5.0 | 11y ago | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions on Activity and People pages by connecting from an iPad client. | |||
| CVE-2015-1150 | medium | — | 5.0 | 11y ago | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration files, which allows remote attackers to bypass network-access restrictions by sending packets for wh… | |||
| CVE-2015-0113 | medium | — | 5.0 | 11y ago | The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 an… | |||
| CVE-2015-3148 | medium | — | 5.0 | 11y ago | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request. | |||
| CVE-2015-3143 | medium | — | 5.0 | 11y ago | cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0… | |||
| CVE-2015-0846 | medium | — | 5.0 | 11y ago | django-markupfield before 1.3.2 uses the default docutils RESTRUCTUREDTEXT_FILTER_SETTINGS settings, which allows remote attackers to include and read arbitrary files via unspecified vectors. | |||
| CVE-2015-0911 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to read arbitrary files via vectors related to attachment handling. | |||
| CVE-2015-3391 | medium | — | 5.0 | 11y ago | The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote attackers to bypass intended access restrictions and obtain sensitive node titles by reading a 403 Not Found page. | |||
| CVE-2015-3373 | medium | — | 5.0 | 11y ago | The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and AWS access key to generate the access token, which makes it easier for remote attackers to guess the token value and create backu… | |||
| CVE-2015-1247 | medium | — | 5.0 | 11y ago | The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch d… | |||
| CVE-2015-1246 | medium | — | 5.0 | 11y ago | Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2015-1244 | medium | — | 5.0 | 11y ago | The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.2311.90 does not replace the ws scheme with the wss scheme whenever an HSTS Policy is active, which… | |||
| CVE-2015-1240 | medium | — | 5.0 | 11y ago | gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted WebGL p… | |||
| CVE-2015-1235 | medium | — | 5.0 | 11y ago | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origi… | |||
| CVE-2015-0969 | medium | — | 5.0 | 11y ago | SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI. | |||
| CVE-2015-0938 | medium | — | 5.0 | 11y ago | search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to bypass intended access restrictions, and list or read arbitrary documents… | |||
| CVE-2015-3323 | medium | — | 5.0 | 11y ago | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 allows remote attackers to cause a denial of serv… | |||
| CVE-2015-3322 | medium | — | 5.0 | 11y ago | Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers before 1.26.0 use weak encryption to store (1) user and (2) administrator BIOS passwords, which allows attackers to decrypt the passwo… | |||
| CVE-2015-2568 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileg… | |||
| CVE-2015-0488 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40, and JRockit R28.3.5, allows remote attackers to affect availability via vectors related to JSSE. | |||
| CVE-2015-0486 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u40 allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | |||
| CVE-2015-0464 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote attackers… | |||
| CVE-2015-0449 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related … | |||
| CVE-2015-0440 | medium | — | 5.0 | 11y ago | Unspecified vulnerability in the Oracle Knowledge component in Oracle Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers to affect integrity via unknown vectors related to Informa… | |||
| CVE-2015-3319 | medium | — | 5.0 | 11y ago | Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script a… | |||
| CVE-2015-0699 | medium | — | 5.0 | 11y ago | SQL injection vulnerability in the Interactive Voice Response (IVR) component in Cisco Unified Communications Manager (UCM) 10.5(1.98991.13) allows remote attackers to execute arbitrary SQL commands … | |||
| CVE-2015-3044 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain se… | |||
| CVE-2015-3040 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allow… | |||
| CVE-2015-0357 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allow… | |||
| CVE-2015-0844 | medium | — | 5.0 | 11y ago | The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||
| CVE-2015-1819 | medium | — | 5.0 | 11y ago | Nokogiri vulnerable to libxml XML Entity Expansion | |||
| CVE-2015-2935 | medium | — | 5.0 | 11y ago | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to bypass the SVG filtering and obtain sensitive user information via a mixed case @import in a style el… | |||
| CVE-2015-0694 | medium | — | 5.0 | 11y ago | Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that certain ACL entries have a single-host constraint, which allows remote attackers to bypass intended network-resource access restr… | |||
| CVE-2015-3027 | medium | — | 5.0 | 11y ago | Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect register allocation in a way that triggers stack storage for stack cookie pointers, which might allow context-dependent attackers … | |||
| CVE-2015-2779 | medium | — | 5.0 | 11y ago | Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted message. | |||
| CVE-2015-2778 | medium | — | 5.0 | 11y ago | Quassel before 0.12-rc1 uses an incorrect data-type size when splitting a message, which allows remote attackers to cause a denial of service (crash) via a long CTCP query containing only multibyte c… | |||
| CVE-2015-1148 | medium | — | 5.0 | 11y ago | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. | |||
| CVE-2015-1147 | medium | — | 5.0 | 11y ago | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in certain circumstances involving missing certificates, which allows remote attackers to obtain sensitiv… | |||
| CVE-2015-1128 | medium | — | 5.0 | 11y ago | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 allows attackers to obtain sensitive browsing-history information via vectors involving push-n… | |||
| CVE-2015-1118 | medium | — | 5.0 | 11y ago | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service (memory corruption and application crash) via a crafted configurat… | |||
| CVE-2015-1112 | medium | — | 5.0 | 11y ago | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and other platforms, does not properly delete browsing-history data from the history.plist file, which all… | |||
| CVE-2015-1111 | medium | — | 5.0 | 11y ago | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file. | |||
| CVE-2015-1110 | medium | — | 5.0 | 11y ago | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to discover unique identifiers by reading asset-download request data. | |||
| CVE-2015-1105 | medium | — | 5.0 | 11y ago | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly implement the Urgent (aka out-of-band data) mechanism, which allows … | |||
| CVE-2015-1104 | medium | — | 5.0 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly determine whether an IPv6 packet had a local origin, which allows remote attackers to bypass a… | |||
| CVE-2015-1092 | medium | — | 5.0 | 11y ago | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, r… | |||
| CVE-2015-1090 | medium | — | 5.0 | 11y ago | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state information in response to a Safari history-clearing action, which allows attackers to obtain sensitive i… | |||
| CVE-2015-1089 | medium | — | 5.0 | 11y ago | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies during processing of redirects in HTTP responses, which allows remote attackers to bypass the Same Ori… | |||
| CVE-2015-0248 | medium | — | 5.0 | 11y ago | The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted … | |||
| CVE-2015-0798 | medium | — | 5.0 | 11y ago | The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute a… | |||
| CVE-2015-0529 | medium | — | 5.0 | 11y ago | EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default passwords for the (1) emcupdate and (2) svcuser accounts, which makes it easier for remote attackers to obtain potentially sensitive … | |||
| CVE-2015-0995 | medium | — | 5.0 | 11y ago | Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which makes it easier for context-dependent attackers to obtain access via a brute-force attack. | |||
| CVE-2015-0991 | medium | — | 5.0 | 11y ago | Inductive Automation Ignition 7.7.2 allows remote attackers to obtain sensitive information by reading an error message about an unhandled exception, as demonstrated by pathname information. | |||
| CVE-2015-0902 | medium | — | 5.0 | 11y ago | The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress does not consider the presence of password protection during generation of the Meta Description field, which allows remote attacker… | |||
| CVE-2015-2820 | medium | — | 5.0 | 11y ago | Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote attackers to cause a denial of service (process termination) via a crafted request, aka SAP Security Note 2132584. | |||
| CVE-2015-2819 | medium | — | 5.0 | 11y ago | SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a denial of service (crash) via a crafted request, aka SAP Security Note 2108161. | |||
| CVE-2015-2818 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125513. | |||
| CVE-2015-2817 | medium | — | 5.0 | 11y ago | The SAP Management Console in SAP NetWeaver 7.40 allows remote attackers to obtain sensitive information via the ReadProfile parameters, aka SAP Security Note 2091768. | |||
| CVE-2015-2813 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in SAP Mobile Platform allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Note 2125358. | |||
| CVE-2015-2812 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in XMLValidationComponent in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Secur… | |||
| CVE-2015-2811 | medium | — | 5.0 | 11y ago | XML external entity (XXE) vulnerability in ReportXmlViewer in SAP NetWeaver Portal 7.31.201109172004 allows remote attackers to send requests to intranet servers via crafted XML, aka SAP Security Not… | |||
| CVE-2015-0808 | medium | — | 5.0 | 11y ago | The webrtc::VPMContentAnalysis::Release function in the WebRTC implementation in Mozilla Firefox before 37.0 uses incompatible approaches to the deallocation of memory for simple-type arrays, which m… | |||
| CVE-2015-0800 | medium | — | 5.0 | 11y ago | The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it e… | |||
| CVE-2015-2809 | medium | — | 5.0 | 11y ago | The Multicast DNS (mDNS) responder in Synology DiskStation Manager (DSM) before 3.1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attack… | |||
| CVE-2015-1892 | medium | — | 5.0 | 11y ago | The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not l… | |||
| CVE-2015-1827 | medium | — | 5.0 | 11y ago | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly reallocate memory when processing user accounts, which allows remote attackers to cause a denial of ser… | |||
| CVE-2015-1609 | medium | — | 5.0 | 11y ago | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | |||
| CVE-2015-2348 | medium | — | 5.0 | 11y ago | The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, whic… | |||
| CVE-2015-1352 | medium | — | 5.0 | 11y ago | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7 does not validate token extraction for table names, which allows remote attackers to cause a denia… | |||
| CVE-2015-0997 | medium | — | 5.0 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 provide an HMI user interface that lists all valid usernames, which makes… | |||
| CVE-2015-2773 | medium | — | 5.0 | 11y ago | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-2771 | medium | — | 5.0 | 11y ago | The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances before 8.0.0 uses plaintext credentials, which allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2766 | medium | — | 5.0 | 11y ago | The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0 allows attackers to have unspecified impact via a brute force attack. | |||
| CVE-2015-2762 | medium | — | 5.0 | 11y ago | Websense TRITON AP-WEB before 8.0.0 allows remote attackers to enumerate Windows domain user accounts via vectors related to HTTP authentication. | |||
| CVE-2015-2748 | medium | — | 5.0 | 11y ago | Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Securi… | |||
| CVE-2015-0672 | medium | — | 5.0 | 11y ago | The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows remote attackers to cause a denial of service (service outage) via a flood of crafted DHCP packets, aka Bug ID CSCup67822. | |||
| CVE-2015-2316 | medium | — | 5.0 | 11y ago | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of servi… |