CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0591 | medium | — | 5.0 | 12y ago | Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to cause a denial of service (daemon hang and GUI outage) via a flood of malformed TCP packets, aka Bug ID CSCur44177. | |||
| CVE-2015-0583 | medium | — | 5.0 | 12y ago | Cisco WebEx Meeting Center does not properly restrict the content of URLs, which allows remote attackers to obtain sensitive information via vectors related to file: URIs, aka Bug ID CSCus18281. | |||
| CVE-2015-0579 | medium | — | 5.0 | 12y ago | Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway allow remote attackers to cause a denial of service (memory and CPU consumption, and partial outage) via crafted SIP packets, … | |||
| CVE-2015-0302 | medium | — | 5.0 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-0582 | medium | — | 5.0 | 12y ago | The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 devices allows remote attackers to cause a denial of service via crafted traffic, aka Bug ID CSCuo09129. | |||
| CVE-2015-0564 | medium | — | 5.0 | 12y ago | Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of serv… | |||
| CVE-2015-0563 | medium | — | 5.0 | 12y ago | epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remot… | |||
| CVE-2015-0562 | medium | — | 5.0 | 12y ago | Multiple use-after-free vulnerabilities in epan/dissectors/packet-dec-dnart.c in the DEC DNA Routing Protocol dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attack… | |||
| CVE-2015-0561 | medium | — | 5.0 | 12y ago | asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (… | |||
| CVE-2015-0560 | medium | — | 5.0 | 12y ago | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data str… | |||
| CVE-2015-0559 | medium | — | 5.0 | 12y ago | Multiple use-after-free vulnerabilities in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allow remote attackers to cause a denial of … | |||
| CVE-2015-0921 | medium | — | 5.0 | 12y ago | XML external entity (XXE) vulnerability in the Server Task Log in McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 allows remote authenticated users to read arbitrary files via the… | |||
| CVE-2015-0206 | medium | — | 5.0 | 12y ago | Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending… | |||
| CVE-2015-0205 | medium | — | 5.0 | 12y ago | The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman (DH) certificate without requiring a Certific… | |||
| CVE-2015-8086 | medium | 4.9 | 4.9 | 10y ago | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S530… | |||
| CVE-2015-8085 | medium | 4.9 | 4.9 | 10y ago | Huawei AR routers with software before V200R007C00SPC100; Quidway S9300 routers with software before V200R009C00; S12700 routers with software before V200R008C00SPC500; S9300, Quidway S5300, and S530… | |||
| CVE-2015-3251 | medium | 4.9 | 4.9 | 11y ago | Apache CloudStack before 4.5.2 might allow remote authenticated administrators to obtain sensitive password information for root accounts of virtual machines via unspecified vectors related to API ca… | |||
| CVE-2015-6394 | medium | — | 4.9 | 11y ago | The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows local users to cause a denial of service (device crash) via crafted USB parameters, aka Bug ID CSCus89408. | |||
| CVE-2015-6369 | medium | — | 4.9 | 11y ago | The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that tri… | |||
| CVE-2015-7812 | medium | — | 4.9 | 11y ago | The hypercall_create_continuation function in arch/arm/domain.c in Xen 4.4.x through 4.6.x allows local guest users to cause a denial of service (host crash) via a preemptible hypercall to the multic… | |||
| CVE-2015-5307 | medium | — | 4.9 | 11y ago | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Chec… | |||
| CVE-2015-5257 | medium | — | 4.9 | 11y ago | drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified oth… | |||
| CVE-2015-6095 | medium | — | 4.9 | 11y ago | Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1… | |||
| CVE-2015-7970 | medium | — | 4.9 | 11y ago | The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen 3.4.x, 3.5.x, and 3.6.x is not preemptible, which allows local x86 HVM guest administrators to cause a denial of service (CPU cons… | |||
| CVE-2015-7969 | medium | — | 4.9 | 11y ago | Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest administrators or domains with certain permission to cause a denial of service (memory consumption) via a large number of "teardowns" … | |||
| CVE-2015-4894 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server 10.3.0.3, 11.3.0.2, and 12.1.0.0 allows remote authenticated users to affect integrity and availability … | |||
| CVE-2015-4869 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via unknown vectors related to Kernel. | |||
| CVE-2015-4856 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30, 4.3.26, and 5.0.0 allows local users to affect availability via unkn… | |||
| CVE-2015-4831 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4822. | |||
| CVE-2015-7833 | medium | — | 4.9 | 11y ago | The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of serv… | |||
| CVE-2015-7799 | medium | — | 4.9 | 11y ago | The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid, which allows local users to cause a denial of service (NULL po… | |||
| CVE-2015-6937 | medium | — | 4.9 | 11y ago | The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have u… | |||
| CVE-2015-0275 | medium | — | 4.9 | 11y ago | The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel before 4.1 allows local users to cause a denial of service (BUG) via a crafted fallocate zero-range request. | |||
| CVE-2015-4265 | medium | — | 4.9 | 11y ago | Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C… | |||
| CVE-2015-5902 | medium | — | 4.9 | 11y ago | The debugging feature in the kernel in Apple OS X before 10.11 mismanages state, which allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-7306 | medium | — | 4.9 | 11y ago | The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not properly check access permissions, which allows remote authenticated users to access and change settings by leveraging the "access ad… | |||
| CVE-2015-5440 | medium | — | 4.9 | 11y ago | HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before 10.11CUP6, and 10.2x before 10.21 allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-5189 | medium | — | 4.9 | 11y ago | Race condition in pcsd in PCS 0.9.139 and earlier uses a global variable to validate usernames, which allows remote authenticated users to gain privileges by sending a command that is checked for sec… | |||
| CVE-2015-6526 | medium | — | 4.9 | 11y ago | The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c in the Linux kernel before 4.0.2 on ppc64 platforms allows local users to cause a denial of service (infinite loop) via a deep 64-… | |||
| CVE-2015-4700 | medium | — | 4.9 | 11y ago | The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then lo… | |||
| CVE-2015-3212 | medium | — | 4.9 | 11y ago | Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 allows local users to cause a denial of service (list corruption and panic) via a rapid series of system calls related to sockets,… | |||
| CVE-2015-1333 | medium | — | 4.9 | 11y ago | Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system cal… | |||
| CVE-2015-4277 | medium | — | 4.9 | 11y ago | The global-configuration implementation on Cisco ASR 9000 devices with software 5.1.3 and 5.3.0 improperly closes vty sessions after a commit/end operation, which allows local users to cause a denial… | |||
| CVE-2015-5515 | medium | — | 4.9 | 11y ago | The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before 7.x-3.3 for Drupal, when the bulk operation for changing Roles is enabled, allows remote authenticated users to edit user accounts an… | |||
| CVE-2015-5747 | medium | — | 4.9 | 11y ago | The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows local users to cause a denial of service (resource consumption) via unspecified vectors. | |||
| CVE-2015-1331 | medium | — | 4.9 | 11y ago | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack on /run/lock/lxc/*. | |||
| CVE-2015-3636 | medium | — | 4.9 | 11y ago | The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges … | |||
| CVE-2015-4290 | medium | — | 4.9 | 11y ago | The kernel extension in Cisco AnyConnect Secure Mobility Client 4.0(2049) on OS X allows local users to cause a denial of service (panic) via vectors involving contiguous memory locations, aka Bug ID… | |||
| CVE-2015-4692 | medium | — | 4.9 | 11y ago | The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux kernel through 4.1.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have… | |||
| CVE-2015-4770 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to UNIX filesystem. | |||
| CVE-2015-3244 | medium | — | 4.9 | 11y ago | The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted reso… | |||
| CVE-2015-2616 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows local users to affect availability via unknown vectors related to DevFS. | |||
| CVE-2015-2614 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to NVM Express SSD driver. | |||
| CVE-2015-2609 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via vectors related to CPU performance counters drivers. | |||
| CVE-2015-2589 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. | |||
| CVE-2015-4164 | medium | — | 4.9 | 11y ago | The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way through a loop, which allows local 32-bit PV guest administrators to cause a denial of service (large loop and system hang) via … | |||
| CVE-2015-4163 | medium | — | 4.9 | 11y ago | GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the grant table operation version, which allows local guest domains to cause a denial of service (NULL pointer dereference) via a hyperca… | |||
| CVE-2015-4351 | medium | — | 4.9 | 11y ago | The Spider Video Player module for Drupal allows remote authenticated users with the "access Spider Video Player administration" permission to delete arbitrary files via a crafted URL. | |||
| CVE-2015-4105 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through error messages, which allows local x86 HVM guests to cause a denial of service (host disk consumption) via certain invalid operation… | |||
| CVE-2015-4103 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x does not properly restrict write access to the host MSI message data field, which allows local x86 HVM guest administrators to cause a denial of service (host interrupt handli… | |||
| CVE-2015-1010 | medium | — | 4.9 | 11y ago | Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credentials, which allows local users to obtain sensitive information by reading a file and conducting a decr… | |||
| CVE-2015-3332 | medium | — | 4.9 | 11y ago | A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) v… | |||
| CVE-2015-3378 | medium | — | 4.9 | 11y ago | Open redirect vulnerability in the Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal, when the Views UI submodule is enabled, allows remote authenticated us… | |||
| CVE-2015-2575 | medium | — | 4.9 | 11y ago | Improper Access Control in MySQL Connectors Java | |||
| CVE-2015-0490 | medium | — | 4.9 | 11y ago | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 allows remote authenticated users to affect confidentiality and integ… | |||
| CVE-2015-1141 | medium | — | 4.9 | 11y ago | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to cause a denial of service (system crash) via unspecified vectors. | |||
| CVE-2015-1138 | medium | — | 4.9 | 11y ago | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-2756 | medium | — | 4.9 | 11y ago | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and … | |||
| CVE-2015-2752 | medium | — | 4.9 | 11y ago | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host… | |||
| CVE-2015-0199 | medium | — | 4.9 | 11y ago | The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corrupt… | |||
| CVE-2015-2150 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable… | |||
| CVE-2015-0268 | medium | — | 4.9 | 11y ago | The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (… | |||
| CVE-2015-0606 | medium | — | 4.9 | 12y ago | The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | |||
| CVE-2015-1377 | medium | — | 4.9 | 12y ago | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||
| CVE-2015-1457 | medium | — | 4.9 | 12y ago | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||
| CVE-2015-0428 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. | |||
| CVE-2015-0371 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via u… | |||
| CVE-2015-2148 | medium | 4.8 | 4.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-2144 | medium | 4.8 | 4.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name paramet… | |||
| CVE-2015-9230 | medium | 4.8 | 4.8 | 9y ago | In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefi… | |||
| CVE-2015-9229 | medium | 4.8 | 4.8 | 9y ago | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | |||
| CVE-2015-3161 | medium | 4.8 | 4.8 | 9y ago | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | |||
| CVE-2015-8140 | medium | 4.8 | 4.8 | 10y ago | The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||
| CVE-2015-6295 | medium | — | 4.8 | 11y ago | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic f… | |||
| CVE-2015-3774 | medium | — | 4.8 | 11y ago | The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modif… | |||
| CVE-2015-5521 | medium | 4.8 | 4.8 | 11y ago | Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. | |||
| CVE-2015-3728 | medium | — | 4.8 | 11y ago | The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID with… | |||
| CVE-2015-0296 | medium | 4.7 | 4.7 | 9y ago | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file… | |||
| CVE-2015-3248 | medium | 4.7 | 4.7 | 9y ago | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hostin… | |||
| CVE-2015-7553 | medium | 4.7 | 4.7 | 9y ago | Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by… | |||
| CVE-2015-2687 | medium | 4.7 | 4.7 | 9y ago | OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. | |||
| CVE-2015-3142 | medium | 4.7 | 4.7 | 9y ago | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensi… | |||
| CVE-2015-7493 | medium | 4.7 | 4.7 | 9y ago | IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | |||
| CVE-2015-4170 | medium | 4.7 | 4.7 | 10y ago | Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_do… | |||
| CVE-2015-7328 | medium | 4.7 | 4.7 | 11y ago | Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during th… | |||
| CVE-2015-8508 | medium | 4.7 | 4.7 | 11y ago | Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot conf… | |||
| CVE-2015-7438 | medium | 4.7 | 4.7 | 11y ago | IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. | |||
| CVE-2015-8340 | medium | — | 4.7 | 11y ago | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host cr… | |||
| CVE-2015-8339 | medium | — | 4.7 | 11y ago | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host … | |||
| CVE-2015-7814 | medium | — | 4.7 | 11y ago | Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vecto… |