CVEs from 2015
- Total: 7,261
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4559 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbi… | |||
| CVE-2015-4142 | medium | — | 4.3 | 11y ago | Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a de… | |||
| CVE-2015-4141 | medium | — | 4.3 | 11y ago | The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a n… | |||
| CVE-2015-4093 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4386 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2015-4375 | medium | — | 4.3 | 11y ago | The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access quer… | |||
| CVE-2015-4347 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments. | |||
| CVE-2015-0344 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-0343 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query paramete… | |||
| CVE-2015-2957 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2015-1788 | medium | — | 4.3 | 11y ago | The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in whi… | |||
| CVE-2015-0774 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID … | |||
| CVE-2015-0737 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST paramete… | |||
| CVE-2015-4471 | medium | — | 4.3 | 11y ago | Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB arc… | |||
| CVE-2015-4470 | medium | — | 4.3 | 11y ago | Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. | |||
| CVE-2015-4469 | medium | — | 4.3 | 11y ago | The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) vi… | |||
| CVE-2015-4468 | medium | — | 4.3 | 11y ago | Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CH… | |||
| CVE-2015-4467 | medium | — | 4.3 | 11y ago | The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and app… | |||
| CVE-2015-3935 | medium | — | 4.3 | 11y ago | Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability | |||
| CVE-2015-3101 | medium | — | 4.3 | 11y ago | The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and befor… | |||
| CVE-2015-2359 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2015-1765 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. | |||
| CVE-2015-1764 | medium | — | 4.3 | 11y ago | The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted requ… | |||
| CVE-2015-1757 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject a… | |||
| CVE-2015-2960 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4020 | medium | — | 4.3 | 11y ago | RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… | |||
| CVE-2015-2963 | medium | — | 4.3 | 11y ago | paperclip Cross-site Scripting vulnerability | |||
| CVE-2015-0766 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject ar… | |||
| CVE-2015-0762 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-4050 | medium | — | 4.3 | 11y ago | FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if … | |||
| CVE-2015-2944 | medium | — | 4.3 | 11y ago | Improper Neutralization of Input During Web Page Generation in Apache Sling | |||
| CVE-2015-3176 | medium | — | 4.3 | 11y ago | Moodle allows attackers to obtain full-name information | |||
| CVE-2015-2270 | medium | — | 4.3 | 11y ago | Moodle allows attackers to obtain sensitive course information | |||
| CVE-2015-2949 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-2948 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4138 | medium | — | 4.3 | 11y ago | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administ… | |||
| CVE-2015-2855 | medium | — | 4.3 | 11y ago | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https se… | |||
| CVE-2015-2854 | medium | — | 4.3 | 11y ago | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remo… | |||
| CVE-2015-2852 | medium | — | 4.3 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers… | |||
| CVE-2015-0747 | medium | — | 4.3 | 11y ago | Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. | |||
| CVE-2015-0733 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP… | |||
| CVE-2015-0752 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… | |||
| CVE-2015-3904 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2… | |||
| CVE-2015-4135 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2015-3165 | medium | — | 4.3 | 11y ago | Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash… | |||
| CVE-2015-3903 | medium | — | 4.3 | 11y ago | libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls ov… | |||
| CVE-2015-0962 | medium | — | 4.3 | 11y ago | Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it eas… | |||
| CVE-2015-0961 | medium | — | 4.3 | 11y ago | Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2015-1915 | medium | — | 4.3 | 11y ago | The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in … | |||
| CVE-2015-1911 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in… | |||
| CVE-2015-0915 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | |||
| CVE-2015-3647 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web scrip… | |||
| CVE-2015-1264 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled … | |||
| CVE-2015-1263 | medium | — | 4.3 | 11y ago | The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorre… | |||
| CVE-2015-3885 | medium | — | 4.3 | 11y ago | Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier allows remote attackers to cause a denial of service (crash) via a crafted image, which triggers a buffer overflow, related to t… | |||
| CVE-2015-0738 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Web Tracking Report page on Cisco Web Security Appliance (WSA) devices 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via an … | |||
| CVE-2015-0729 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Secure Access Control Server Solution Engine (ACSE) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a file-inclusion atta… | |||
| CVE-2015-3989 | medium | — | 4.3 | 11y ago | concrete5 vulnerable to Cross-site Scripting | |||
| CVE-2015-2250 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 before 5.7.4 allow remote attackers to inject arbitrary web script or HTML via the (1) banned_word[] parameter to index.php/dashboard/… | |||
| CVE-2015-0734 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email Security Appliance (ESA) 8.5.6-106 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a… | |||
| CVE-2015-0728 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Access Control Server (ACS) 5.5(0.1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu11002. | |||
| CVE-2015-0727 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco Security Manager (CSM) 4.7(0)SP1(1) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID C… | |||
| CVE-2015-0724 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified p… | |||
| CVE-2015-0634 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the administrative interface in Cisco WebEx Meetings Server 2.5 and 2.5.0.997 allows remote attackers to inject arbitrary web script or HTML via a crafted … | |||
| CVE-2015-3983 | medium | — | 4.3 | 11y ago | The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via … | |||
| CVE-2015-2718 | medium | — | 4.3 | 11y ago | The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive webchannel-response data via a crafted web site containing an IF… | |||
| CVE-2015-2711 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 38.0 does not recognize a referrer policy delivered by a referrer META element in cases of context-menu navigation and middle-click navigation, which allows remote attackers to… | |||
| CVE-2015-3397 | medium | — | 4.3 | 11y ago | Yii Framework Cross-site Scripting Vulnerability | |||
| CVE-2015-1692 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure Vulnerabi… | |||
| CVE-2015-1686 | medium | — | 4.3 | 11y ago | The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection … | |||
| CVE-2015-1685 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | |||
| CVE-2015-1684 | medium | — | 4.3 | 11y ago | VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a craf… | |||
| CVE-2015-1670 | medium | — | 4.3 | 11y ago | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a c… | |||
| CVE-2015-3622 | medium | — | 4.3 | 11y ago | The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 before 4.5 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted certificate. | |||
| CVE-2015-3620 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the advanced dataset reports page in Fortinet FortiAnalyzer 5.0.0 through 5.0.10 and 5.2.0 through 5.2.1 and FortiManager 5.0.3 through 5.0.10 and 5.2.0 th… | |||
| CVE-2015-1880 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5.2.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-3012 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in WebODF before 0.5.5, as used in ownCloud, allow remote attackers to inject arbitrary web script or HTML via a (1) style or (2) font name or (3) … | |||
| CVE-2015-2347 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req par… | |||
| CVE-2015-1156 | medium | — | 4.3 | 11y ago | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, does not properly handle the rel attribute in an A element, which allows remot… | |||
| CVE-2015-0714 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parame… | |||
| CVE-2015-3447 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in macIpSpoofView.html in Dell SonicWall SonicOS 7.5.0.12 and 6.x allow remote attackers to inject arbitrary web script or HTML via the (1) searchS… | |||
| CVE-2015-1908 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05,… | |||
| CVE-2015-0176 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener in WMQ Telemetry in IBM WebSphere MQ 8.0 before 8.0.0.2 allows remote attackers to inject arbitrary web script or HTML via a craf… | |||
| CVE-2015-3310 | medium | — | 4.3 | 11y ago | Buffer overflow in the rc_mksid function in plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6 and earlier, when the PID for pppd is greater than 65535, allows remote attackers to cause a denial… | |||
| CVE-2015-0910 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail 1.0.11 through 1.5.8 allows remote attackers to inject arbitrary web script or HTML via a crafted filename. | |||
| CVE-2015-3364 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Content Analysis module before 6.x-1.7 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not… | |||
| CVE-2015-0703 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vect… | |||
| CVE-2015-3336 | medium | — | 4.3 | 11y ago | Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote a… | |||
| CVE-2015-3334 | medium | — | 4.3 | 11y ago | browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permissio… | |||
| CVE-2015-1248 | medium | — | 4.3 | 11y ago | The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem … | |||
| CVE-2015-1241 | medium | — | 4.3 | 11y ago | Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintend… | |||
| CVE-2015-1236 | medium | — | 4.3 | 11y ago | The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allow… | |||
| CVE-2015-0967 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox before 8.2 allow remote attackers to inject arbitrary web script or HTML via (1) the search field in plugin/index.html or (2) the tit… | |||
| CVE-2015-1852 | medium | — | 4.3 | 11y ago | The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient before 1.4.0 disables certification verification when the "insecure" option is set in a paste configurat… | |||
| CVE-2015-0937 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in search.php on the Blue Coat Malware Analysis appliance with software before 4.2.4.20150312-RELEASE allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-3324 | medium | — | 4.3 | 11y ago | The ThinkServer System Manager (TSM) Baseboard Management Controller before firmware 1.27.73476 for ThinkServer RD350, RD450, RD550, RD650, and TD350 does not validate server certificates during an "… | |||
| CVE-2015-2565 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unkno… | |||
| CVE-2015-0510 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Commerce Platform component in Oracle Commerce Platform 9.4, 10.0, and 10.2 allows remote attackers to affect integrity via vectors related to Dynamo Applicati… | |||
| CVE-2015-0509 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analys… | |||
| CVE-2015-0502 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework. |