CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4065 | low | — | 4.5 | 11y ago | Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web s… | |||
| CVE-2015-4063 | low | — | 4.5 | 11y ago | Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via … | |||
| CVE-2015-1028 | low | — | 4.5 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmware GE_1.01 allow remote authenticated users to inject arbitrary web script or HTML via the (1) domai… | |||
| CVE-2015-1054 | low | — | 4.5 | 12y ago | Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game. | |||
| CVE-2015-7418 | medium | 4.4 | 4.4 | 9y ago | IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator pri… | |||
| CVE-2015-7462 | medium | 4.4 | 4.4 | 10y ago | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcert… | |||
| CVE-2015-5208 | medium | 4.4 | 4.4 | 10y ago | Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||
| CVE-2015-8552 | medium | 4.4 | 4.4 | 10y ago | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messag… | |||
| CVE-2015-2008 | medium | 4.4 | 4.4 | 10y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive … | |||
| CVE-2015-7509 | medium | 4.4 | 4.4 | 11y ago | fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | |||
| CVE-2015-7312 | medium | — | 4.4 | 11y ago | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-aft… | |||
| CVE-2015-2642 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | |||
| CVE-2015-2132 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-1946 | medium | — | 4.4 | 11y ago | IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user rol… | |||
| CVE-2015-3716 | medium | — | 4.4 | 11y ago | Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||
| CVE-2015-2720 | medium | — | 4.4 | 11y ago | The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain p… | |||
| CVE-2015-0471 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. | |||
| CVE-2015-1115 | medium | — | 4.4 | 11y ago | The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||
| CVE-2015-0990 | medium | — | 4.4 | 11y ago | Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. | |||
| CVE-2015-0239 | medium | — | 4.4 | 11y ago | The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a… | |||
| CVE-2015-1356 | medium | — | 4.4 | 11y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitra… | |||
| CVE-2015-0377 | medium | — | 4.4 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v… | |||
| CVE-2015-2241 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a … | |||
| CVE-2015-2317 | medium | — | 4.3 | 4y ago | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to c… | |||
| CVE-2015-6938 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbi… | |||
| CVE-2015-3400 | medium | 4.3 | 4.3 | 9y ago | sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obta… | |||
| CVE-2015-5069 | medium | 4.3 | 4.3 | 9y ago | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attack… | |||
| CVE-2015-7880 | medium | 4.3 | 4.3 | 9y ago | The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and … | |||
| CVE-2015-3163 | medium | 4.3 | 4.3 | 9y ago | The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEA… | |||
| CVE-2015-3160 | medium | 4.3 | 4.3 | 9y ago | XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing e… | |||
| CVE-2015-0269 | medium | 4.3 | 4.3 | 9y ago | Contao Core directory traversal vulnerability | |||
| CVE-2015-7976 | medium | 4.3 | 4.3 | 10y ago | The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a c… | |||
| CVE-2015-7776 | medium | 4.3 | 4.3 | 10y ago | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vul… | |||
| CVE-2015-5715 | medium | 4.3 | 4.3 | 10y ago | The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arra… | |||
| CVE-2015-6479 | medium | 4.3 | 4.3 | 10y ago | ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover pote… | |||
| CVE-2015-8336 | medium | 4.3 | 4.3 | 10y ago | Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | |||
| CVE-2015-0861 | medium | 4.3 | 4.3 | 10y ago | model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write… | |||
| CVE-2015-8473 | medium | 4.3 | 4.3 | 10y ago | The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to … | |||
| CVE-2015-8021 | medium | 4.3 | 4.3 | 10y ago | Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 bef… | |||
| CVE-2015-7454 | medium | 4.3 | 4.3 | 10y ago | Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5… | |||
| CVE-2015-5174 | medium | 4.3 | 4.3 | 10y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | |||
| CVE-2015-5342 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to bypass intended access restrictions | |||
| CVE-2015-5341 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to read SCORM contents | |||
| CVE-2015-5340 | medium | 4.3 | 4.3 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2015-5339 | medium | 4.3 | 4.3 | 10y ago | Moodle does not properly implement group-based access restrictions | |||
| CVE-2015-5335 | medium | 4.3 | 4.3 | 10y ago | Moodle cross-site request forgery (CSRF) vulnerability | |||
| CVE-2015-5331 | medium | 4.3 | 4.3 | 10y ago | Moodle improper access control | |||
| CVE-2015-5272 | medium | 4.3 | 4.3 | 10y ago | The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | |||
| CVE-2015-5268 | medium | 4.3 | 4.3 | 10y ago | Moodle mishandles group-based authorization checks | |||
| CVE-2015-5265 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to delete files | |||
| CVE-2015-3273 | medium | 4.3 | 4.3 | 10y ago | mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated … | |||
| CVE-2015-8488 | medium | 4.3 | 4.3 | 10y ago | Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. | |||
| CVE-2015-8487 | medium | 4.3 | 4.3 | 10y ago | Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. | |||
| CVE-2015-7677 | medium | 4.3 | 4.3 | 10y ago | The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides different error messages depending on whether a FileID exists, which allows remote authenticated users to enumerate FileIDs via the … | |||
| CVE-2015-8791 | medium | 4.3 | 4.3 | 11y ago | The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML … | |||
| CVE-2015-8790 | medium | 4.3 | 4.3 | 11y ago | The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted UTF-8 string, which tr… | |||
| CVE-2015-4885 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 allows remote attackers to affect confidentiality via vectors related to… | |||
| CVE-2015-7469 | medium | 4.3 | 4.3 | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended read-only restr… | |||
| CVE-2015-7468 | medium | 4.3 | 4.3 | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to bypass intended restrictions on… | |||
| CVE-2015-6423 | medium | 4.3 | 4.3 | 11y ago | The DCERPC Inspection implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 through 9.5.1 allows remote authenticated users to bypass an intended DCERPC-only ACL by sending arbitra… | |||
| CVE-2015-7116 | medium | 4.3 | 4.3 | 11y ago | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML do… | |||
| CVE-2015-7115 | medium | 4.3 | 4.3 | 11y ago | libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted XML do… | |||
| CVE-2015-5310 | medium | 4.3 | 4.3 | 11y ago | The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers … | |||
| CVE-2015-5051 | medium | 4.3 | 4.3 | 11y ago | IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before 7.6.0.2 IF1 and Maximo Asset Management 7.5 before 7.5.0.8 IF6, 7.5.1, and 7.6 before 7.6.0.2 IF1 for SmartCloud Control Desk allow r… | |||
| CVE-2015-1971 | medium | 4.3 | 4.3 | 11y ago | Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Mana… | |||
| CVE-2015-7452 | medium | 4.3 | 4.3 | 11y ago | IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 FP9, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allow r… | |||
| CVE-2015-5020 | medium | 4.3 | 4.3 | 11y ago | The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecifi… | |||
| CVE-2015-7445 | medium | 4.3 | 4.3 | 11y ago | IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B Advanced Communications 1.x before 1.0.0.4, when guest access is configured, allow remote authenticated users to obtain sensitive … | |||
| CVE-2015-7789 | medium | 4.3 | 4.3 | 11y ago | ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. | |||
| CVE-2015-7787 | medium | 4.3 | 4.3 | 11y ago | ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. | |||
| CVE-2015-7784 | medium | 4.3 | 4.3 | 11y ago | SQL injection vulnerability in the BOKUBLOCK (1) BbAdminViewsControl213 plugin before 1.1 and (2) BbAdminViewsControl plugin before 2.1 for EC-CUBE allows remote authenticated users to execute arbitr… | |||
| CVE-2015-6852 | medium | 4.3 | 4.3 | 11y ago | Directory traversal vulnerability in the API in EMC Secure Remote Services Virtual Edition 3.x before 3.10 allows remote authenticated users to read log files via a crafted parameter. | |||
| CVE-2015-7929 | medium | 4.3 | 4.3 | 11y ago | eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Re… | |||
| CVE-2015-7413 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF19 and 8.5.0 through CF08 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-5001 | medium | 4.3 | 4.3 | 11y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF19, and 8.5.0 before CF08 allows remote authenticated users to cause a … | |||
| CVE-2015-7518 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in information popups in Foreman before 1.10.0 allow remote attackers to inject arbitrary web script or HTML via (1) global parameters, (2) smart c… | |||
| CVE-2015-5204 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in the Apache Cordova File Transfer Plugin (cordova-plugin-file-transfer) for Android before 1.3.0 allows remote attackers to inject arbitrary headers via CRLF sequences … | |||
| CVE-2015-7217 | medium | — | 4.3 | 11y ago | The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux GNOME platforms incorrectly enables the TGA decoder, which allows remote attackers to cause a denial of service (heap-based buffer… | |||
| CVE-2015-8247 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo Internet Management Software (IMS) 2015 allows remote attackers to inject arbitrary web script or HTML via the plan_name parameter… | |||
| CVE-2015-4206 | medium | — | 4.3 | 11y ago | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to bypass an XSS protection mechanism via a crafted parameter, aka Bug ID CSCuu15266. | |||
| CVE-2015-6790 | medium | — | 4.3 | 11y ago | The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, whi… | |||
| CVE-2015-6416 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Email Interaction Manager and Unified Web Interaction Manager 11.0(1) allows remote attackers to inject arbitrary web script or HTML a crafte… | |||
| CVE-2015-6418 | medium | — | 4.3 | 11y ago | The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS… | |||
| CVE-2015-6400 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 10.5(1a) allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug ID CSCuv25547. | |||
| CVE-2015-7093 | medium | — | 4.3 | 11y ago | Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL in the user interface via a crafted web site. | |||
| CVE-2015-7058 | medium | — | 4.3 | 11y ago | Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 improperly validate keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||
| CVE-2015-7050 | medium | — | 4.3 | 11y ago | WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses content extensions, which allows remote attackers to obtain sensitive browsing-history information via a crafted web site. | |||
| CVE-2015-7043 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20… | |||
| CVE-2015-7042 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20… | |||
| CVE-2015-7041 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20… | |||
| CVE-2015-7040 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to cause a denial of service via a crafted app, a different vulnerability than CVE-20… | |||
| CVE-2015-8453 | medium | — | 4.3 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-6169 | medium | — | 4.3 | 11y ago | Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka "Microsoft Edge Spoofing Vulnerability." | |||
| CVE-2015-6165 | medium | — | 4.3 | 11y ago | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a… | |||
| CVE-2015-6161 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | |||
| CVE-2015-6157 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2015-6144 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via … | |||
| CVE-2015-6138 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vector… | |||
| CVE-2015-6114 | medium | — | 4.3 | 11y ago | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a… | |||
| CVE-2015-6630 | medium | — | 4.3 | 11y ago | SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to read screenshots and consequently gain privileges via a crafted application, aka internal bug 19121797. |