CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6384 | medium | — | 4.3 | 11y ago | The Cisco WebEx Meetings application before 8.5.1 for Android improperly initializes custom application permissions, which allows attackers to bypass intended access restrictions via a crafted applic… | |||
| CVE-2015-5245 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks… | |||
| CVE-2015-6390 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unity Connection 9.1(1.10) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, a… | |||
| CVE-2015-5326 | medium | — | 4.3 | 11y ago | Jenkins allows Cross-Site Scripting (XSS) | |||
| CVE-2015-7288 | medium | — | 4.3 | 11y ago | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 allow remote attackers to modify the configuration via a command in an SMS message, as demonstrated by a "4 2" command. | |||
| CVE-2015-5256 | medium | — | 4.3 | 11y ago | Apache Cordova-Android before 4.1.0, when an application relies on a remote server, improperly implements a JavaScript whitelist protection mechanism, which allows attackers to bypass intended access… | |||
| CVE-2015-5859 | medium | — | 4.3 | 11y ago | The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X before 10.11 does not properly recognize the HSTS preload list during a Safari private-browsing session, which makes it easier for … | |||
| CVE-2015-5787 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 8.4.1 does not properly restrict debugging features, which allows attackers to bypass background-execution limitations via a crafted app. | |||
| CVE-2015-7777 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in index.php in JosephErnest Void before 2015-10-02 allows remote attackers to inject arbitrary web script or HTML via a crafted URI. | |||
| CVE-2015-7290 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web management interface on Arris DG860A, TG862A, and TG862G devices with firmware TS0703128_100611 through TS0705125D_031115 allows rem… | |||
| CVE-2015-7772 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2015-7771 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via… | |||
| CVE-2015-7385 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not… | |||
| CVE-2015-4112 | medium | — | 4.3 | 11y ago | The Management Console in BlackBerry Enterprise Server (BES) 12 before 12.2 does not properly restrict use of FRAME elements, which makes it easier for remote attackers to conduct clickjacking attack… | |||
| CVE-2015-6374 | medium | — | 4.3 | 11y ago | The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to … | |||
| CVE-2015-8053 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a diffe… | |||
| CVE-2015-8052 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a diffe… | |||
| CVE-2015-5255 | medium | — | 4.3 | 11y ago | Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x be… | |||
| CVE-2015-7941 | medium | — | 4.3 | 11y ago | libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1… | |||
| CVE-2015-6372 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject ar… | |||
| CVE-2015-8232 | medium | — | 4.3 | 11y ago | The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from th… | |||
| CVE-2015-7997 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, … | |||
| CVE-2015-7830 | medium | — | 4.3 | 11y ago | The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause … | |||
| CVE-2015-5441 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2015-6123 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mis… | |||
| CVE-2015-6115 | medium | — | 4.3 | 11y ago | Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | |||
| CVE-2015-6099 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka "… | |||
| CVE-2015-6096 | medium | — | 4.3 | 11y ago | The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction wit… | |||
| CVE-2015-6088 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | |||
| CVE-2015-6061 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script … | |||
| CVE-2015-4551 | medium | — | 4.3 | 11y ago | LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow … | |||
| CVE-2015-8006 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title. | |||
| CVE-2015-3240 | medium | — | 4.3 | 11y ago | The pluto IKE daemon in libreswan before 3.15 and Openswan before 2.6.45, when built with NSS, allows remote attackers to cause a denial of service (assertion failure and daemon restart) via a zero D… | |||
| CVE-2015-5734 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the legacy theme preview implementation in wp-includes/theme.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML v… | |||
| CVE-2015-5733 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script… | |||
| CVE-2015-5732 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the form function in the WP_Nav_Menu_Widget class in wp-includes/default-widgets.php in WordPress before 4.2.4 allows remote attackers to inject arbitrary … | |||
| CVE-2015-4928 | medium | — | 4.3 | 11y ago | Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, includes cleartext passwords on a Configs screen, which allows physically proximate attackers to obtain sensitive infor… | |||
| CVE-2015-2017 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.8 allows remote attackers to inject arbitra… | |||
| CVE-2015-1995 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted UR… | |||
| CVE-2015-7697 | medium | — | 4.3 | 11y ago | Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. | |||
| CVE-2015-7191 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 42.0 on Android improperly restricts URL strings in intents, which allows attackers to conduct cross-site scripting (XSS) attacks via vectors involving an intent: URL and fallb… | |||
| CVE-2015-7187 | medium | — | 4.3 | 11y ago | The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a "script: false" panel setting, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via inline JavaSc… | |||
| CVE-2015-7186 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 42.0 on Android allows user-assisted remote attackers to bypass the Same Origin Policy and trigger (1) a download or (2) cached profile-data reading via a file: URL in a saved … | |||
| CVE-2015-7185 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 42.0 on Android does not ensure that the address bar is restored upon fullscreen-mode exit, which allows remote attackers to spoof the address bar via crafted JavaScript code. | |||
| CVE-2015-4518 | medium | — | 4.3 | 11y ago | The Reader View implementation in Mozilla Firefox before 42.0 has an improper whitelist, which makes it easier for remote attackers to bypass the Content Security Policy (CSP) protection mechanism an… | |||
| CVE-2015-4515 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP authentication, allows remote attackers to obtain sensitive hostname information by constructing a crafted web site that sends an NTLM re… | |||
| CVE-2015-6356 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco Social Miner 10.0(1) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuw60212. | |||
| CVE-2015-6352 | medium | — | 4.3 | 11y ago | Cisco Unified Communications Domain Manager before 10.6(1) provides different error messages for pathname access attempts depending on whether the pathname exists, which allows remote attackers to ma… | |||
| CVE-2015-6349 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HT… | |||
| CVE-2015-6346 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-5670 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-6488 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web server on Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allows remote attackers to inject arbitrar… | |||
| CVE-2015-3970 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web interface on Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers to inject arbitrary web script or HTML via unspecifi… | |||
| CVE-2015-5262 | medium | — | 4.3 | 11y ago | Denial of service vulnerability in org.apache.httpcomponents:httpclient | |||
| CVE-2015-5178 | medium | — | 4.3 | 11y ago | The Management Console in Red Hat Enterprise Application Platform before 6.4.4 and WildFly (formerly JBoss Application Server) does not send an X-Frame-Options HTTP header, which makes it easier for … | |||
| CVE-2015-3996 | medium | — | 4.3 | 11y ago | The default AFSecurityPolicy.validatesDomainName configuration for AFSSLPinningModeNone in the AFNetworking framework before 2.5.3, as used in the ownCloud iOS Library, disables verification of a ser… | |||
| CVE-2015-5943 | medium | — | 4.3 | 11y ago | SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic clicks from reaching keychain windows, which allows attackers to bypass intended access restrictions via a crafted app. | |||
| CVE-2015-7022 | medium | — | 4.3 | 11y ago | The Telephony subsystem in Apple iOS before 9.1 allows attackers to obtain sensitive call-status information via a crafted app. | |||
| CVE-2015-6997 | medium | — | 4.3 | 11y ago | The X.509 certificate-trust implementation in Apple iOS before 9.1 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it eas… | |||
| CVE-2015-4912 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 and 11.1.2.3 allows remote attackers to affect confidentiality via vectors related to SSO Engine. | |||
| CVE-2015-4899 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality via unknown vectors related to Securit… | |||
| CVE-2015-4880 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a… | |||
| CVE-2015-4867 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server, a… | |||
| CVE-2015-4854 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vect… | |||
| CVE-2015-4847 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related… | |||
| CVE-2015-4845 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality… | |||
| CVE-2015-4841 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM IP2014 and IP2015 allows remote attackers to affect confidentiality via unknown vectors related to Servi… | |||
| CVE-2015-4832 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.2, and 11.1.2.3 allows remote attackers to affect integrity via vectors related to OIM … | |||
| CVE-2015-4799 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related… | |||
| CVE-2015-4793 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Communications Convergence component in Oracle Communications Applications 2.0 and 3.0.1 allows remote attackers to affect confidentiality via unknown vectors … | |||
| CVE-2015-7032 | medium | — | 4.3 | 11y ago | The Apple iWork application before 2.6 for iOS, Apple Keynote before 6.6, Apple Pages before 5.6, and Apple Numbers before 3.6 allow remote attackers to obtain sensitive information via a crafted doc… | |||
| CVE-2015-6477 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm Portal application in Nordex Control 2 (NC2) SCADA 16 and earlier allow remote attackers to inject arbitrary web script or HTML vi… | |||
| CVE-2015-5661 | medium | — | 4.3 | 11y ago | The SAND STUDIO AirDroid application 1.1.0 and earlier for Android mishandles implicit intents, which allows attackers to obtain sensitive information via a crafted application. | |||
| CVE-2015-6844 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne Email Supervisor before 7.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5444 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in HP Smart Profile Server Data Analytics Layer (SPS DAL) 2.3 before 2.3.5 allow remote attackers to inject arbitrary web script or HTML via unspec… | |||
| CVE-2015-7377 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pie-register/pie-register.php in the Pie Register plugin before 2.0.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the… | |||
| CVE-2015-1813 | medium | — | 4.3 | 11y ago | Jenkins allows Cross-Site Scripting (XSS) | |||
| CVE-2015-1812 | medium | — | 4.3 | 11y ago | Jenkins Cross-site Scripting vulnerability | |||
| CVE-2015-6704 | medium | — | 4.3 | 11y ago | The animations property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Re… | |||
| CVE-2015-6703 | medium | — | 4.3 | 11y ago | The loadFlashMovie function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Con… | |||
| CVE-2015-6702 | medium | — | 4.3 | 11y ago | The createSquareMesh function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC C… | |||
| CVE-2015-6701 | medium | — | 4.3 | 11y ago | The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat … | |||
| CVE-2015-6699 | medium | — | 4.3 | 11y ago | The addForegroundSprite function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader D… | |||
| CVE-2015-5583 | medium | — | 4.3 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |||
| CVE-2015-7373 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the "magic-macros" feature in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via a GET parameter, which is not… | |||
| CVE-2015-7370 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in open-flash-chart.swf in Open Flash Chart 2, as used in the VideoAds plugin in Revive Adserver before 3.2.2 and CA Release Automation (formerly L… | |||
| CVE-2015-7365 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the plugin upgrade form in Revive Adserver before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via the filename of an uploaded file… | |||
| CVE-2015-6059 | medium | — | 4.3 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from p… | |||
| CVE-2015-6058 | medium | — | 4.3 | 11y ago | Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS… | |||
| CVE-2015-6052 | medium | — | 4.3 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanis… | |||
| CVE-2015-6051 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer… | |||
| CVE-2015-6046 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit… | |||
| CVE-2015-2556 | medium | — | 4.3 | 11y ago | The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an exte… | |||
| CVE-2015-5654 | medium | — | 4.3 | 11y ago | Cross-Site Scripting in dojo | |||
| CVE-2015-5235 | medium | — | 4.3 | 11y ago | IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving … | |||
| CVE-2015-5894 | medium | — | 4.3 | 11y ago | The X.509 certificate-trust implementation in Apple OS X before 10.11 does not recognize that the kSecRevocationRequirePositiveResponse flag implies a revocation-checking requirement, which makes it … | |||
| CVE-2015-5865 | medium | — | 4.3 | 11y ago | IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5836 | medium | — | 4.3 | 11y ago | Apple Online Store Kit in Apple OS X before 10.11 improperly validates iCloud keychain item ACLs, which allows attackers to obtain access to keychain items via a crafted app. | |||
| CVE-2015-5828 | medium | — | 4.3 | 11y ago | The API in the WebKit Plug-ins component in Apple Safari before 9 does not provide notification of an HTTP Redirection (aka 3xx) status code to a plugin, which allows remote attackers to bypass inten… | |||
| CVE-2015-3878 | medium | — | 4.3 | 11y ago | Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to bypass an intended screen-recording warning feature and obtain sensitive screen-snapshot information … |