CVEs from 2015
- Total: 7,262
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5283 | medium | — | 4.7 | 11y ago | The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic… | |||
| CVE-2015-5914 | medium | — | 4.7 | 11y ago | The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted cod… | |||
| CVE-2015-2453 | medium | — | 4.7 | 11y ago | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT… | |||
| CVE-2015-4167 | medium | — | 4.7 | 11y ago | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data represen… | |||
| CVE-2015-0011 | medium | — | 4.7 | 12y ago | mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |||
| CVE-2015-6839 | medium | 4.6 | 4.6 | 9y ago | The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted R… | |||
| CVE-2015-7846 | medium | 4.6 | 4.6 | 9y ago | Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | |||
| CVE-2015-8324 | medium | 4.6 | 4.6 | 10y ago | The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of servi… | |||
| CVE-2015-8512 | medium | 4.6 | 4.6 | 11y ago | The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by enterin… | |||
| CVE-2015-7062 | medium | — | 4.6 | 11y ago | Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. | |||
| CVE-2015-7057 | medium | — | 4.6 | 11y ago | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. | |||
| CVE-2015-7049 | medium | — | 4.6 | 11y ago | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||
| CVE-2015-1342 | medium | — | 4.6 | 11y ago | LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||
| CVE-2015-0856 | medium | — | 4.6 | 11y ago | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated … | |||
| CVE-2015-8222 | medium | — | 4.6 | 11y ago | The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via un… | |||
| CVE-2015-4625 | medium | — | 4.6 | 11y ago | Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers… | |||
| CVE-2015-3256 | medium | — | 4.6 | 11y ago | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "java… | |||
| CVE-2015-3255 | medium | — | 4.6 | 11y ago | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in a… | |||
| CVE-2015-4907 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnera… | |||
| CVE-2015-4891 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. | |||
| CVE-2015-4879 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2015-5707 | medium | — | 4.6 | 11y ago | Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-1810 | medium | — | 4.6 | 11y ago | Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation | |||
| CVE-2015-6333 | medium | — | 4.6 | 11y ago | Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||
| CVE-2015-5897 | medium | — | 4.6 | 11y ago | The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||
| CVE-2015-5442 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-5426 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | |||
| CVE-2015-6745 | medium | — | 4.6 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NO… | |||
| CVE-2015-5706 | medium | — | 4.6 | 11y ago | Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-3759 | medium | — | 4.6 | 11y ago | Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||
| CVE-2015-4482 | medium | — | 4.6 | 11y ago | mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name o… | |||
| CVE-2015-3286 | medium | — | 4.6 | 11y ago | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large grou… | |||
| CVE-2015-1334 | medium | — | 4.6 | 11y ago | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1… | |||
| CVE-2015-3957 | medium | — | 4.6 | 11y ago | Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||
| CVE-2015-4237 | medium | — | 4.6 | 11y ago | The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted cha… | |||
| CVE-2015-4232 | medium | — | 4.6 | 11y ago | Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. | |||
| CVE-2015-3726 | medium | — | 4.6 | 11y ago | The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. | |||
| CVE-2015-1950 | medium | — | 4.6 | 11y ago | IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain Po… | |||
| CVE-2015-1959 | medium | — | 4.6 | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted f… | |||
| CVE-2015-3318 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-3317 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-3316 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-4106 | medium | — | 4.6 | 11y ago | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host c… | |||
| CVE-2015-1322 | medium | — | 4.6 | 11y ago | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0u… | |||
| CVE-2015-2042 | medium | — | 4.6 | 11y ago | net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly hav… | |||
| CVE-2015-2041 | medium | — | 4.6 | 11y ago | net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or poss… | |||
| CVE-2015-1572 | medium | — | 4.6 | 11y ago | Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as d… | |||
| CVE-2015-0247 | medium | — | 4.6 | 11y ago | Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | |||
| CVE-2015-0603 | medium | — | 4.6 | 12y ago | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing… | |||
| CVE-2015-0601 | medium | — | 4.6 | 12y ago | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | |||
| CVE-2015-0392 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availa… | |||
| CVE-2015-7418 | medium | 4.4 | 4.4 | 9y ago | IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator pri… | |||
| CVE-2015-7462 | medium | 4.4 | 4.4 | 10y ago | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcert… | |||
| CVE-2015-5208 | medium | 4.4 | 4.4 | 10y ago | Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||
| CVE-2015-8552 | medium | 4.4 | 4.4 | 10y ago | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messag… | |||
| CVE-2015-2008 | medium | 4.4 | 4.4 | 10y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive … | |||
| CVE-2015-7509 | medium | 4.4 | 4.4 | 11y ago | fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | |||
| CVE-2015-7312 | medium | — | 4.4 | 11y ago | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-aft… | |||
| CVE-2015-2642 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | |||
| CVE-2015-2132 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-1946 | medium | — | 4.4 | 11y ago | IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user rol… | |||
| CVE-2015-3716 | medium | — | 4.4 | 11y ago | Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||
| CVE-2015-2720 | medium | — | 4.4 | 11y ago | The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain p… | |||
| CVE-2015-0471 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. | |||
| CVE-2015-1115 | medium | — | 4.4 | 11y ago | The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||
| CVE-2015-0990 | medium | — | 4.4 | 11y ago | Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. | |||
| CVE-2015-0239 | medium | — | 4.4 | 11y ago | The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a… | |||
| CVE-2015-1356 | medium | — | 4.4 | 11y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of project-file fields that lack integrity protection, which allows remote attackers to establish arbitra… | |||
| CVE-2015-0377 | medium | — | 4.4 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v… | |||
| CVE-2015-2241 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the contents function in admin/helpers.py in Django before 1.7.6 and 1.8 before 1.8b2 allows remote attackers to inject arbitrary web script or HTML via a … | |||
| CVE-2015-2317 | medium | — | 4.3 | 4y ago | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to c… | |||
| CVE-2015-6938 | medium | — | 4.3 | 4y ago | Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbi… | |||
| CVE-2015-3400 | medium | 4.3 | 4.3 | 9y ago | sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obta… | |||
| CVE-2015-5069 | medium | 4.3 | 4.3 | 9y ago | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attack… | |||
| CVE-2015-7880 | medium | 4.3 | 4.3 | 9y ago | The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to obtain sensitive event registration information by leveraging the "Register other accounts" permission and … | |||
| CVE-2015-3163 | medium | 4.3 | 4.3 | 9y ago | The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEA… | |||
| CVE-2015-3160 | medium | 4.3 | 4.3 | 9y ago | XML external entity (XXE) vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing e… | |||
| CVE-2015-0269 | medium | 4.3 | 4.3 | 9y ago | Contao Core directory traversal vulnerability | |||
| CVE-2015-7976 | medium | 4.3 | 4.3 | 10y ago | The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, 4.3.25, 4.3.70, and 4.3.77 does not properly filter special characters, which allows attackers to cause unspecified impact via a c… | |||
| CVE-2015-7776 | medium | 4.3 | 4.3 | 10y ago | Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, a different vul… | |||
| CVE-2015-5715 | medium | 4.3 | 4.3 | 10y ago | The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arra… | |||
| CVE-2015-6479 | medium | 4.3 | 4.3 | 10y ago | ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, GX400, GX440, GX450, and LS300 devices allows remote attackers to read the filteredlogs.txt file, and consequently discover pote… | |||
| CVE-2015-8336 | medium | 4.3 | 4.3 | 10y ago | Huawei FusionCompute with software before V100R005C10SPC700 allows remote authenticated users to obtain sensitive "role and permission" information via unspecified vectors. | |||
| CVE-2015-0861 | medium | 4.3 | 4.3 | 10y ago | model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before 3.4.8, 3.6.x before 3.6.5, and 3.8.x before 3.8.1 allows remote authenticated users to bypass intended access restrictions and write… | |||
| CVE-2015-8473 | medium | 4.3 | 4.3 | 10y ago | The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x before 3.1.2 allows remote authenticated users to obtain sensitive information in changeset messages by leveraging permission to … | |||
| CVE-2015-8021 | medium | 4.3 | 4.3 | 10y ago | Incomplete blacklist vulnerability in the Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, Link Controller, and PSM 11.x before 11.2.1 HF11, 11.3.x, 11.4.0 before HF8, and 11.4.1 bef… | |||
| CVE-2015-7454 | medium | 4.3 | 4.3 | 10y ago | Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5… | |||
| CVE-2015-5174 | medium | 4.3 | 4.3 | 10y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat | |||
| CVE-2015-5342 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to bypass intended access restrictions | |||
| CVE-2015-5341 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to read SCORM contents | |||
| CVE-2015-5340 | medium | 4.3 | 4.3 | 10y ago | Moodle sensitive information disclosure | |||
| CVE-2015-5339 | medium | 4.3 | 4.3 | 10y ago | Moodle does not properly implement group-based access restrictions | |||
| CVE-2015-5335 | medium | 4.3 | 4.3 | 10y ago | Moodle cross-site request forgery (CSRF) vulnerability | |||
| CVE-2015-5331 | medium | 4.3 | 4.3 | 10y ago | Moodle improper access control | |||
| CVE-2015-5272 | medium | 4.3 | 4.3 | 10y ago | The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants." | |||
| CVE-2015-5268 | medium | 4.3 | 4.3 | 10y ago | Moodle mishandles group-based authorization checks | |||
| CVE-2015-5265 | medium | 4.3 | 4.3 | 10y ago | Moodle allows attackers to delete files | |||
| CVE-2015-3273 | medium | 4.3 | 4.3 | 10y ago | mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the mod/forum:canposttomygroups capability before authorizing "Post a copy to all groups" actions, which allows remote authenticated … | |||
| CVE-2015-8488 | medium | 4.3 | 4.3 | 10y ago | Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487. | |||
| CVE-2015-8487 | medium | 4.3 | 4.3 | 10y ago | Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover CSRF tokens via unspecified vectors, a different vulnerability than CVE-2015-8488. |