CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0295 | medium | — | 5.0 | 11y ago | The BMP decoder in QtGui in QT before 5.5 does not properly calculate the masks used to extract the color components, which allows remote attackers to cause a denial of service (divide-by-zero and cr… | |||
| CVE-2015-2154 | medium | — | 5.0 | 11y ago | The osi_print_cksum function in print-isoclns.c in the ethernet printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) l… | |||
| CVE-2015-0282 | medium | — | 5.0 | 11y ago | GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature algorithm matches the signature algorithm in the certificate, which allows remote attackers to conduct downgrade attacks via unspeci… | |||
| CVE-2015-0671 | medium | — | 5.0 | 11y ago | The DNS implementation in Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) 3.2(1) allows remote attackers to cause a denial of service (CPU consumption and network-resource consump… | |||
| CVE-2015-0293 | medium | — | 5.0 | 11y ago | The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (s2_lib.c assertion failure … | |||
| CVE-2015-0291 | medium | — | 5.0 | 11y ago | The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) by using an invalid signature_al… | |||
| CVE-2015-0290 | medium | — | 5.0 | 11y ago | The multi-block feature in the ssl3_write_bytes function in s3_pkt.c in OpenSSL 1.0.2 before 1.0.2a on 64-bit x86 platforms with AES NI support does not properly handle certain non-blocking I/O cases… | |||
| CVE-2015-0289 | medium | — | 5.0 | 11y ago | The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly handle a lack of outer ContentInfo, which allows attackers to … | |||
| CVE-2015-0288 | medium | — | 5.0 | 11y ago | The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service… | |||
| CVE-2015-0287 | medium | — | 5.0 | 11y ago | The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not reinitialize CHOICE and ADB data structur… | |||
| CVE-2015-0286 | medium | — | 5.0 | 11y ago | The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a does not properly perform boolean-type comparisons, whi… | |||
| CVE-2015-0207 | medium | — | 5.0 | 11y ago | The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a does not properly isolate the state information of independent data streams, which allows remote attackers to cause a denial of se… | |||
| CVE-2015-0667 | medium | — | 5.0 | 11y ago | The Management Interface on Cisco Content Services Switch (CSS) 11500 devices 8.20.4.02 and earlier allows remote attackers to bypass intended restrictions on local-network device access via crafted … | |||
| CVE-2015-1084 | medium | — | 5.0 | 11y ago | The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, does not display URLs consistently, which makes it easier for remote attackers to conduct p… | |||
| CVE-2015-2335 | medium | — | 5.0 | 11y ago | A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows remote attackers to obtain the installation path via unknown vectors. | |||
| CVE-2015-1593 | medium | — | 5.0 | 11y ago | RHSA-2019:3517: kernel security, bug fix, and enhancement update (Important) | |||
| CVE-2015-0340 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions v… | |||
| CVE-2015-0337 | medium | — | 5.0 | 11y ago | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecif… | |||
| CVE-2015-2091 | medium | — | 5.0 | 11y ago | The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and earlier does not validate client certificates when "GnuTLSClientVerify require" is set, which allows remote attackers to spoof client… | |||
| CVE-2015-0133 | medium | — | 5.0 | 11y ago | IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote attackers to read arbitrary files and possibly obtain administrative privileges via an XML external entity declaration in conjunction… | |||
| CVE-2015-1062 | medium | — | 5.0 | 11y ago | MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-image folders, which allows attackers to create folders in arbitrary filesystem locations via a craft… | |||
| CVE-2015-1631 | medium | — | 5.0 | 11y ago | Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka "Exchange Forged Meeting Request Spoofing Vulnerability." | |||
| CVE-2015-0089 | medium | — | 5.0 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0087 | medium | — | 5.0 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0201 | medium | — | 5.0 | 11y ago | Moderate severity vulnerability that affects org.springframework:spring-core | |||
| CVE-2015-2206 | medium | — | 5.0 | 11y ago | libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid language values in unknown-language error responses that contain a… | |||
| CVE-2015-1165 | medium | — | 5.0 | 11y ago | RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to obtain sensitive RSS feed URLs and ticket data via unspecified vectors. | |||
| CVE-2015-1229 | medium | — | 5.0 | 11y ago | net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 (aka Proxy Authentication Required) HTTP status code accompanied by a Set-Cookie header, which allo… | |||
| CVE-2015-1226 | medium | — | 5.0 | 11y ago | The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger tar… | |||
| CVE-2015-1225 | medium | — | 5.0 | 11y ago | PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2015-1224 | medium | — | 5.0 | 11y ago | The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder implementation in Google Chrome before 41.0.2272.76 does not ensure that alpha-plane dimensions are ide… | |||
| CVE-2015-2192 | medium | — | 5.0 | 11y ago | Integer overflow in the dissect_osd2_cdb_continuation function in epan/dissectors/packet-scsi-osd.c in the SCSI OSD dissector in Wireshark 1.12.x before 1.12.4 allows remote attackers to cause a deni… | |||
| CVE-2015-2191 | medium | — | 5.0 | 11y ago | Integer overflow in the dissect_tnef function in epan/dissectors/packet-tnef.c in the TNEF dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a den… | |||
| CVE-2015-2190 | medium | — | 5.0 | 11y ago | epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure … | |||
| CVE-2015-2189 | medium | — | 5.0 | 11y ago | Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of ser… | |||
| CVE-2015-2188 | medium | — | 5.0 | 11y ago | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a d… | |||
| CVE-2015-2187 | medium | — | 5.0 | 11y ago | The dissect_atn_cpdlc_heur function in asn1/atn-cpdlc/packet-atn-cpdlc-template.c in the ATN-CPDLC dissector in Wireshark 1.12.x before 1.12.4 does not properly follow the TRY/ENDTRY code requirement… | |||
| CVE-2015-0228 | medium | — | 5.0 | 11y ago | The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a… | |||
| CVE-2015-0659 | medium | — | 5.0 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS allows remote attackers to trigger self-referential adjacencies via a crafted Autonomic Networking (AN) message, aka Bug ID C… | |||
| CVE-2015-0657 | medium | — | 5.0 | 11y ago | Cisco IOS XR allows remote attackers to cause a denial of service (RSVP process reload) via a malformed RSVP packet, aka Bug ID CSCur69192. | |||
| CVE-2015-2214 | medium | — | 5.0 | 11y ago | NetCat 5.01 and earlier allows remote attackers to obtain the installation path via the redirect_url parameter to netshop/post.php. | |||
| CVE-2015-2209 | medium | — | 5.0 | 11y ago | DLGuard 4.5 allows remote attackers to obtain the installation path via the c parameter to index.php. | |||
| CVE-2015-0890 | medium | — | 5.0 | 11y ago | The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for WordPress allows remote attackers to bypass the CAPTCHA protection mechanism and obtain administrative access via unspecified vec… | |||
| CVE-2015-0886 | medium | — | 5.0 | 11y ago | Integer Overflow or Wraparound in JBCrypt | |||
| CVE-2015-0885 | medium | — | 5.0 | 11y ago | checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username. | |||
| CVE-2015-2076 | medium | — | 5.0 | 11y ago | The Auditing service in SAP BusinessObjects Edge 4.0 allows remote attackers to obtain sensitive information by reading an audit event, aka SAP Note 2011395. | |||
| CVE-2015-2075 | medium | — | 5.0 | 11y ago | SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit events from the auditee queue via a clearData CORBA operation, aka SAP Note 2011396. | |||
| CVE-2015-0832 | medium | — | 5.0 | 11y ago | Mozilla Firefox before 36.0 does not properly recognize the equivalence of domain names with and without a trailing . (dot) character, which allows man-in-the-middle attackers to bypass the HPKP and … | |||
| CVE-2015-0830 | medium | — | 5.0 | 11y ago | The WebGL implementation in Mozilla Firefox before 36.0 does not properly allocate memory for copying an unspecified string to a shader's compilation log, which allows remote attackers to cause a den… | |||
| CVE-2015-0824 | medium | — | 5.0 | 11y ago | The mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 36.0 allows remote attackers to cause a denial of service (out-of-bounds write of zero values, and appl… | |||
| CVE-2015-2078 | medium | — | 5.0 | 11y ago | The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5… | |||
| CVE-2015-2077 | medium | — | 5.0 | 11y ago | The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft Ad-Aware Web Companion 1.1.885.1766 and Ad-Aware AdBlocker (alpha) 1.3.69.1, Qustodio for Windows, Atom Security, Inc. StaffCop 5… | |||
| CVE-2015-2071 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the fil… | |||
| CVE-2015-1589 | medium | — | 5.0 | 11y ago | Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary files via a .. (dot dot) in a CHM file. | |||
| CVE-2015-0628 | medium | — | 5.0 | 11y ago | The proxy engine on Cisco Web Security Appliance (WSA) devices allows remote attackers to bypass intended proxying restrictions via a malformed HTTP method, aka Bug ID CSCus79174. | |||
| CVE-2015-1358 | medium | — | 5.0 | 11y ago | The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functionality in Siemens SIMATIC WinCC (TIA Portal) before 13 SP1 and in the (4) panels and (5) runtime f… | |||
| CVE-2015-0617 | medium | — | 5.0 | 11y ago | Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices allow remote attackers to cause a denial of service (CPU consumption and SNMP outage) via malformed SNMP packets, aka Bug ID CSCur13… | |||
| CVE-2015-1574 | medium | — | 5.0 | 11y ago | The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of service (persistent application crash) via a "Content-Disposition: ;" header in an e-mail message. | |||
| CVE-2015-1546 | medium | — | 5.0 | 12y ago | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matc… | |||
| CVE-2015-1545 | medium | — | 5.0 | 12y ago | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty… | |||
| CVE-2015-0227 | medium | — | 5.0 | 12y ago | Improper Access Control in Apache WSS4J | |||
| CVE-2015-0619 | medium | — | 5.0 | 12y ago | Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and SSL out… | |||
| CVE-2015-1548 | medium | — | 5.0 | 12y ago | mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calc… | |||
| CVE-2015-0602 | medium | — | 5.0 | 12y ago | The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to obtain sensitive information by sniffing the network, aka Bug ID CSCuq12117. | |||
| CVE-2015-0600 | medium | — | 5.0 | 12y ago | The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139. | |||
| CVE-2015-0604 | medium | — | 5.0 | 12y ago | The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, a… | |||
| CVE-2015-1210 | medium | — | 5.0 | 12y ago | The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and b… | |||
| CVE-2015-1480 | medium | — | 5.0 | 12y ago | ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to obtain sensitive ticket information via a (1) getTicketData action to servlet/AJaxServlet or a dire… | |||
| CVE-2015-1463 | medium | — | 5.0 | 12y ago | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | |||
| CVE-2015-1382 | medium | — | 5.0 | 12y ago | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid read and crash) via vectors related to an HTTP time header. | |||
| CVE-2015-1381 | medium | — | 5.0 | 12y ago | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors. | |||
| CVE-2015-1380 | medium | — | 5.0 | 12y ago | jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | |||
| CVE-2015-1453 | medium | — | 5.0 | 12y ago | The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive da… | |||
| CVE-2015-0223 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Apache Qpid 0.30 and earlier allows remote attackers to bypass access restrictions on qpidd via unknown vectors, related to 0-10 connection handling. | |||
| CVE-2015-1357 | medium | — | 5.0 | 12y ago | Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with … | |||
| CVE-2015-0597 | medium | — | 5.0 | 12y ago | The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to enumerate administrative accounts via crafted packets, aka Bug IDs CSCuj67166 and CSCuj67… | |||
| CVE-2015-0595 | medium | — | 5.0 | 12y ago | The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to obtain sensitive information by reading return messages from crafted GET requests, aka Bug ID CSCuj67079. | |||
| CVE-2015-1419 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing. | |||
| CVE-2015-1376 | medium | — | 5.0 | 12y ago | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host… | |||
| CVE-2015-1309 | medium | — | 5.0 | 12y ago | XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML reques… | |||
| CVE-2015-1306 | medium | — | 5.0 | 12y ago | The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-0426 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unkno… | |||
| CVE-2015-1193 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||
| CVE-2015-1192 | medium | — | 5.0 | 12y ago | Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. | |||
| CVE-2015-1191 | medium | — | 5.0 | 12y ago | Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive. | |||
| CVE-2015-0410 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows rem… | |||
| CVE-2015-0407 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. | |||
| CVE-2015-0400 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | |||
| CVE-2015-0375 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. | |||
| CVE-2015-0372 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2015-0368 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affec… | |||
| CVE-2015-0367 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related… | |||
| CVE-2015-0366 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a … | |||
| CVE-2015-0362 | medium | — | 5.0 | 12y ago | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to … | |||
| CVE-2015-0867 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. | |||
| CVE-2015-0516 | medium | — | 5.0 | 12y ago | Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | |||
| CVE-2015-1201 | medium | — | 5.0 | 12y ago | Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2015-1030 | medium | — | 5.0 | 12y ago | Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are… | |||
| CVE-2015-0590 | medium | — | 5.0 | 12y ago | Cisco WebEx Meeting Center allows remote attackers to activate disabled meeting attributes, and consequently obtain sensitive information, by providing crafted parameters during a meeting-join action… | |||
| CVE-2015-0221 | medium | — | 5.0 | 12y ago | The django.views.static.serve view in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 reads files an entire line at a time, which allows remote attackers to cause a denial of servic… |