CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6730 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2015-6729 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to inject arbitrary web script or HTML via th… | |||
| CVE-2015-2807 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in js/window.php in the Navis DocumentCloud plugin before 0.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase pa… | |||
| CVE-2015-6744 | medium | — | 4.3 | 11y ago | Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client to enforce (1) login verification, (2) audit trail creation, and (3) account locking, which allows remote attackers to "disrupt s… | |||
| CVE-2015-6265 | medium | — | 4.3 | 11y ago | The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and earlier allows local users to bypass intended access restrictions, and read or write to files, by entering an unspecified CLI command… | |||
| CVE-2015-6249 | medium | — | 4.3 | 11y ago | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 … | |||
| CVE-2015-6248 | medium | — | 4.3 | 11y ago | The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attac… | |||
| CVE-2015-6247 | medium | — | 4.3 | 11y ago | The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows re… | |||
| CVE-2015-6246 | medium | — | 4.3 | 11y ago | The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause … | |||
| CVE-2015-6245 | medium | — | 4.3 | 11y ago | epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infin… | |||
| CVE-2015-6244 | medium | — | 4.3 | 11y ago | The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which… | |||
| CVE-2015-6243 | medium | — | 4.3 | 11y ago | The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2015-6242 | medium | — | 4.3 | 11y ago | The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain c… | |||
| CVE-2015-6241 | medium | — | 4.3 | 11y ago | The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a n… | |||
| CVE-2015-6665 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal 7.x before 7.39 and the Ctools module 6.x-1.x before 6.x-1.14 for Drupal allows remote attackers to inject arbitrary web script … | |||
| CVE-2015-6663 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Client form in the Device Inspector page in SAP Afaria 7 allows remote attackers to inject arbitrary web script or HTML via crafted client name data, a… | |||
| CVE-2015-6658 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Autocomplete system in Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, rel… | |||
| CVE-2015-0298 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message. | |||
| CVE-2015-2872 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat appliances with software before 3.5.1477, 3.6.x before 3.6.1217, 3.7.x befor… | |||
| CVE-2015-2015 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the Directory template) in the web server in IBM Domino before 9.0.0 allows remote attackers to inject arbitrary web script or HTML via a… | |||
| CVE-2015-2982 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote authenticated users to i… | |||
| CVE-2015-6530 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 before 2013 R3 P6 and 2014 before 2014 R2 P2 allows remote attackers to inject arbitrary web script or HTML via the querytext para… | |||
| CVE-2015-6529 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 allow remote attackers to inject arbitrary web script or HTML via the (1) section parameter to site/error.php or (2) ip paramete… | |||
| CVE-2015-6528 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in install_classic.php in Coppermine Photo Gallery (CPG) 1.5.36 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_use… | |||
| CVE-2015-3219 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Orchestration/Stack section in OpenStack Dashboard (Horizon) 2014.2 before 2014.2.4 and 2015.1.x before 2015.1.1 allows remote attackers to inject arbi… | |||
| CVE-2015-4310 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse 10.5(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request,… | |||
| CVE-2015-6255 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Web and E-Mail Interaction Manager 9.0(2) allows remote attackers to inject arbitrary web script or HTML via a crafted chat message, aka Bug … | |||
| CVE-2015-5507 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Inline Entity Form module 7.x-1.x before 7.x-1.6 for Drupal allows remote authenticated users with permission to create or edit fields to inject arbitr… | |||
| CVE-2015-5492 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Video Consultation module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5487 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Camtasia Relay module 6.x-2.x before 6.x-3.2 and 7.x-2.x before 7.x-1.3 for Drupal allows remote authenticated users with the "view meta information" p… | |||
| CVE-2015-5481 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the tab p… | |||
| CVE-2015-6515 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.2.x before 6.2.4, 6.1.x before 6.1.8, 6.0.x before 6.0.9, and 5.0.x before 5.0.13 and Splunk Light 6.2.x before 6.2.4 all… | |||
| CVE-2015-6514 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk Enterprise 6.2.x before 6.2.4 and Splunk Light 6.2.x before 6.2.4 allows remote authenticated users to inject arbitrary web script … | |||
| CVE-2015-6511 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the server[] parameter to services_ntpd.php. | |||
| CVE-2015-6510 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) srctrack, (2) use_mfs_tmp_size, or (3) use_mfs_va… | |||
| CVE-2015-6509 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in pfSense before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) proxypass parameter to system_advanced_misc.php; … | |||
| CVE-2015-6508 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the descr parameter in a "new" action to system_authservers.php. | |||
| CVE-2015-5485 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to i… | |||
| CVE-2015-4029 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the zone parameter in a del action to services_captiv… | |||
| CVE-2015-5782 | medium | — | 4.3 | 11y ago | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory… | |||
| CVE-2015-5781 | medium | — | 4.3 | 11y ago | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory… | |||
| CVE-2015-5768 | medium | — | 4.3 | 11y ago | AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-5749 | medium | — | 4.3 | 11y ago | The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-3807 | medium | — | 4.3 | 11y ago | libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (memory corruption) via a crafted XM… | |||
| CVE-2015-3793 | medium | — | 4.3 | 11y ago | CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app. | |||
| CVE-2015-3786 | medium | — | 4.3 | 11y ago | The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly restrict Notification Center Service access, which allows attackers to read Notification Center notifications of certain paired … | |||
| CVE-2015-3782 | medium | — | 4.3 | 11y ago | CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app. | |||
| CVE-2015-3781 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X before 10.10.5 allows remote attackers to inject arbitrary web script or HTML via a previously visited web site that is rendered d… | |||
| CVE-2015-3780 | medium | — | 4.3 | 11y ago | The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. | |||
| CVE-2015-3766 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly restrict the mach_port_space_info interface, which allows attackers to obtain sensitive memory-layout information via a … | |||
| CVE-2015-3764 | medium | — | 4.3 | 11y ago | Notification Center in Apple OS X before 10.10.5 does not properly remove dismissed notifications, which allows attackers to read arbitrary notifications via a crafted app. | |||
| CVE-2015-3763 | medium | — | 4.3 | 11y ago | Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript alert messages, which allows remote attackers to cause a denial of service (apparent browser locking) via a crafted web site. | |||
| CVE-2015-3758 | medium | — | 4.3 | 11y ago | UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an intended user-confirmation requirement and initiate arbitrary FaceTime calls via an app that provides a crafted URL. | |||
| CVE-2015-3755 | medium | — | 4.3 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | |||
| CVE-2015-3754 | medium | — | 4.3 | 11y ago | The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier f… | |||
| CVE-2015-3729 | medium | — | 4.3 | 11y ago | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote atta… | |||
| CVE-2015-4490 | medium | — | 4.3 | 11y ago | The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem U… | |||
| CVE-2015-4483 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. | |||
| CVE-2015-4481 | low | — | 4.3 | 11y ago | Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privi… | |||
| CVE-2015-2475 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote a… | |||
| CVE-2015-2472 | medium | — | 4.3 | 11y ago | Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Serv… | |||
| CVE-2015-2471 | medium | — | 4.3 | 11y ago | Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decry… | |||
| CVE-2015-2440 | medium | — | 4.3 | 11y ago | Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." | |||
| CVE-2015-2434 | medium | — | 4.3 | 11y ago | Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption … | |||
| CVE-2015-2423 | medium | — | 4.3 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoin… | |||
| CVE-2015-2420 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitr… | |||
| CVE-2015-5475 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2)… | |||
| CVE-2015-2449 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||
| CVE-2015-2445 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||
| CVE-2015-5535 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtransl… | |||
| CVE-2015-3908 | medium | — | 4.3 | 11y ago | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle … | |||
| CVE-2015-3282 | medium | — | 4.3 | 11y ago | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | |||
| CVE-2015-5523 | medium | — | 4.3 | 11y ago | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which … | |||
| CVE-2015-5369 | medium | — | 4.3 | 11y ago | Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and… | |||
| CVE-2015-3626 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary w… | |||
| CVE-2015-3267 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-4494 | medium | — | 4.3 | 11y ago | Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. | |||
| CVE-2015-2745 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in c… | |||
| CVE-2015-2744 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after… | |||
| CVE-2015-3439 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, all… | |||
| CVE-2015-3438 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byt… | |||
| CVE-2015-3960 | medium | — | 4.3 | 11y ago | The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easi… | |||
| CVE-2015-3942 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary w… | |||
| CVE-2015-5537 | medium | — | 4.3 | 11y ago | The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext … | |||
| CVE-2015-5352 | medium | — | 4.3 | 11y ago | The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for re… | |||
| CVE-2015-4294 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages i… | |||
| CVE-2015-4292 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-2870 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. | |||
| CVE-2015-4288 | medium | — | 4.3 | 11y ago | The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 … | |||
| CVE-2015-0732 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Sec… | |||
| CVE-2015-2976 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted… | |||
| CVE-2015-2973 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to … | |||
| CVE-2015-1287 | medium | — | 4.3 | 11y ago | Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content ty… | |||
| CVE-2015-1286 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote… | |||
| CVE-2015-1281 | medium | — | 4.3 | 11y ago | core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security… | |||
| CVE-2015-1278 | medium | — | 4.3 | 11y ago | content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allo… | |||
| CVE-2015-1275 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2015-4652 | medium | — | 4.3 | 11y ago | epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service… | |||
| CVE-2015-3185 | medium | — | 4.3 | 11y ago | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather … | |||
| CVE-2015-4458 | medium | — | 4.3 | 11y ago | The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, w… |