CVEs from 2015
Total
7,262
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3755 | medium | — | 4.3 | 11y ago | WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. | |||
| CVE-2015-3754 | medium | — | 4.3 | 11y ago | The private-browsing implementation in WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8 does not prevent caching of HTTP authentication credentials, which makes it easier f… | |||
| CVE-2015-3729 | medium | — | 4.3 | 11y ago | Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, does not indicate what web site originated an input prompt, which allows remote atta… | |||
| CVE-2015-4490 | medium | — | 4.3 | 11y ago | The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem U… | |||
| CVE-2015-4483 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request. | |||
| CVE-2015-2475 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in the UDDI Services component in Microsoft Windows Server 2008 SP2 and BizTalk Server 2010, 2013 Gold, and 2013 R2 allows remote a… | |||
| CVE-2015-2472 | medium | — | 4.3 | 11y ago | Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) through 8.1 in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Serv… | |||
| CVE-2015-2471 | medium | — | 4.3 | 11y ago | Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decry… | |||
| CVE-2015-2440 | medium | — | 4.3 | 11y ago | Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "MSXML Information Disclosure Vulnerability." | |||
| CVE-2015-2434 | medium | — | 4.3 | 11y ago | Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption … | |||
| CVE-2015-2423 | medium | — | 4.3 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoin… | |||
| CVE-2015-2420 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Microsoft System Center 2012 Operations Manager Gold before Rollup 8, SP1 before Rollup 10, and R2 before Rollup 7 allows remote attackers to inject arbitr… | |||
| CVE-2015-5475 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker (RT) 4.x before 4.2.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) user and (2)… | |||
| CVE-2015-2449 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||
| CVE-2015-2445 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 10 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass." | |||
| CVE-2015-5535 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the qTranslate plugin 2.5.39 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the edit parameter in the qtransl… | |||
| CVE-2015-3908 | medium | — | 4.3 | 11y ago | Ansible before 1.9.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle … | |||
| CVE-2015-3282 | medium | — | 4.3 | 11y ago | vos in OpenAFS before 1.6.13, when updating VLDB entries, allows remote attackers to obtain stack data by sniffing the network. | |||
| CVE-2015-5523 | medium | — | 4.3 | 11y ago | The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which … | |||
| CVE-2015-5369 | medium | — | 4.3 | 11y ago | Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and… | |||
| CVE-2015-3626 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the Web User Interface (WebUI) in Fortinet FortiOS before 5.2.4 on FortiGate devices allows remote attackers to inject arbitrary w… | |||
| CVE-2015-3267 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the 404 error page in Red Hat JBoss Operations Network before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-4494 | medium | — | 4.3 | 11y ago | Mozilla Firefox OS before 2.2 does not require the wifi-manage privilege for reading a Wi-Fi system message, which allows attackers to obtain potentially sensitive information via a crafted app. | |||
| CVE-2015-2745 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in c… | |||
| CVE-2015-2744 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Search app in Gaia in Mozilla Firefox OS before 2.2 allows remote attackers to inject arbitrary HTML via a crafted search link that is mishandled after… | |||
| CVE-2015-3439 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Ephox (formerly Moxiecode) plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, all… | |||
| CVE-2015-3438 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byt… | |||
| CVE-2015-3960 | medium | — | 4.3 | 11y ago | The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches uses hardcoded RSA private keys and certificates across different customers' installations, which makes it easi… | |||
| CVE-2015-3942 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web-server component in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and Magnum 10K switches allow remote attackers to inject arbitrary w… | |||
| CVE-2015-5537 | medium | — | 4.3 | 11y ago | The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext … | |||
| CVE-2015-5352 | medium | — | 4.3 | 11y ago | The x11_open_helper function in channels.c in ssh in OpenSSH before 6.9, when ForwardX11Trusted mode is not used, lacks a check of the refusal deadline for X connections, which makes it easier for re… | |||
| CVE-2015-4294 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco IM and Presence Service before 10.5 MR1 allows remote attackers to inject arbitrary web script or HTML by constructing a crafted URL that leverages i… | |||
| CVE-2015-4292 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Prime Central for Hosted Collaboration Solution (PC4HCS) 10.6(2) allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-2870 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and BF-660C fingerprint access-control devices allows remote attackers to inject arbitrary web script or HTML via a SCRIPT element. | |||
| CVE-2015-4288 | medium | — | 4.3 | 11y ago | The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 … | |||
| CVE-2015-0732 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web Security Appliance (WSA) 9.0.0-193; Email Security Appliance (ESA) 8.5.6-113, 9.1.0-032, 9.1.1-000, and 9.6.0-000; and Content Sec… | |||
| CVE-2015-2976 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Research Artisan Lite before 1.18 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted HTML document or (2) a crafted… | |||
| CVE-2015-2973 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Welcart plugin before 1.4.18 for WordPress allow remote attackers to inject arbitrary web script or HTML via the usces_referer parameter to … | |||
| CVE-2015-1287 | medium | — | 4.3 | 11y ago | Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the cases in which a Cascading Style Sheets (CSS) document is required to have the text/css content ty… | |||
| CVE-2015-1286 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote… | |||
| CVE-2015-1281 | medium | — | 4.3 | 11y ago | core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security… | |||
| CVE-2015-1278 | medium | — | 4.3 | 11y ago | content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensure that a PDF document's modal dialog is closed upon navigation to an interstitial page, which allo… | |||
| CVE-2015-1275 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google Chrome before 44.0.2403.89 on Android allows remote attackers to inject arbitrary web script or HTM… | |||
| CVE-2015-4652 | medium | — | 4.3 | 11y ago | epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in Wireshark 1.12.x before 1.12.6 does not properly validate digit characters, which allows remote attackers to cause a denial of service… | |||
| CVE-2015-3185 | medium | — | 4.3 | 11y ago | The ap_some_auth_required function in server/request.c in the Apache HTTP Server 2.4.x before 2.4.14 does not consider that a Require directive may be associated with an authorization setting rather … | |||
| CVE-2015-4458 | medium | — | 4.3 | 11y ago | The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance (ASA) Software 9.1(5.21) and other products, does not verify the MAC field, w… | |||
| CVE-2015-4278 | medium | — | 4.3 | 11y ago | Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 and 9.5.0-201 allow remote attackers to cause a denial of service (per-domain e-mail reception outage) by placing malformed DMARC … | |||
| CVE-2015-4266 | medium | — | 4.3 | 11y ago | The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to con… | |||
| CVE-2015-5528 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the save_order function in class-floating-social-bar.php in the Floating Social Bar plugin before 1.1.6 for WordPress allows remote attackers to inject arb… | |||
| CVE-2015-4637 | medium | — | 4.3 | 11y ago | The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 before HF2 and ADC 4.5.0 before HF2, when configured for LDAP remote authentication and the LDAP server allows anonymous BIND ope… | |||
| CVE-2015-4749 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect availability via vectors related to JNDI. | |||
| CVE-2015-2646 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7;… | |||
| CVE-2015-2644 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect confidentiality via unknown vectors related to Secu… | |||
| CVE-2015-2630 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Technology stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Applet … | |||
| CVE-2015-2623 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0… | |||
| CVE-2015-2622 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via unknown vectors related to Fluid Core. | |||
| CVE-2015-2620 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security… | |||
| CVE-2015-2612 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Siebel Core - Server OM Svcs component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect confidentiality via vectors related to LDAP Secur… | |||
| CVE-2015-2610 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors … | |||
| CVE-2015-2596 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u80 allows remote attackers to affect integrity via unknown vectors related to Hotspot. | |||
| CVE-2015-2588 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Te… | |||
| CVE-2015-2587 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote attackers to affect integrity via vectors related to SWSE Server Infrastructur… | |||
| CVE-2015-2586 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect availability via unknown vectors. | |||
| CVE-2015-0467 | medium | — | 4.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vecto… | |||
| CVE-2015-5107 | medium | — | 4.3 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-2421 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass." | |||
| CVE-2015-2414 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to obtain sensitive browsing-history information via vectors related to image caching, aka "Internet Explorer Information Disclosure V… | |||
| CVE-2015-2413 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted module-resource request, aka "Internet Explorer Information Disclosure Vulnera… | |||
| CVE-2015-2412 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2015-2410 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to determine the existence of local files via a crafted stylesheet, aka "Internet Explorer Information Disclosure Vulnerability." | |||
| CVE-2015-2402 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||
| CVE-2015-2398 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the XSS filter via a crafted attribute of an element in an HTML document, aka "Internet Explorer XSS Filter Bypass Vulnerabi… | |||
| CVE-2015-2375 | medium | — | 4.3 | 11y ago | Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel Viewer 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attacke… | |||
| CVE-2015-1729 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerab… | |||
| CVE-2015-5144 | medium | — | 4.3 | 11y ago | Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP … | |||
| CVE-2015-4270 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.5 and 6.0.0 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs C… | |||
| CVE-2015-4268 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin UI in Cisco Identity Services Engine (ISE) 1.2(1.198) and 1.3(0.876) allow remote attackers to inject arbitrary web script or HT… | |||
| CVE-2015-5519 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the applyConvolution demo in WideImage 11.02.19 allows remote attackers to inject arbitrary web script or HTML via the matrix parameter to demo/index.php. | |||
| CVE-2015-4272 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page in Cisco Unified Communications Manager (formerly CallManager) 10.5(2.10000.5) allow remote attackers to inject arbitrary web sc… | |||
| CVE-2015-1917 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 be… | |||
| CVE-2015-4236 | medium | — | 4.3 | 11y ago | Cisco AsyncOS on Email Security Appliance (ESA) devices with software 8.5.6-073, 8.5.6-074, and 9.0.0-461, when clustering is enabled, allows remote attackers to cause a denial of service (clustering… | |||
| CVE-2015-4259 | medium | — | 4.3 | 11y ago | The Integrated Management Controller on Cisco Unified Computing System (UCS) C servers with software 1.5(3) and 1.6(0.16) has a default SSL certificate, which makes it easier for man-in-the-middle at… | |||
| CVE-2015-2969 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote attackers to inject arbitrary web script or HTML via the oekakis parameter. | |||
| CVE-2015-2967 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in settings.php in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4260 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration Solution 10.6(1) allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu14… | |||
| CVE-2015-5460 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in app/views/events/_menu.html.erb in Snorby 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the title (cls.name variable) when creat… | |||
| CVE-2015-5456 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the form method in modules/formclass.php in PivotX before 2.3.11 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related … | |||
| CVE-2015-5455 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to install/. | |||
| CVE-2015-5454 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Nucleus CMS allows remote attackers to inject arbitrary web script or HTML via the title parameter when adding a new item. | |||
| CVE-2015-1796 | medium | — | 4.3 | 11y ago | Improper Certificate Validation in Shibboleth Identity Provider and OpenSAML | |||
| CVE-2015-2850 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers… | |||
| CVE-2015-3216 | medium | — | 4.3 | 11y ago | Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 an… | |||
| CVE-2015-2742 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 39.0 on OS X includes native key press information during the logging of crashes, which allows remote attackers to obtain sensitive information by leveraging access to a crash-… | |||
| CVE-2015-2741 | medium | — | 4.3 | 11y ago | Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird before 38.1 do not enforce key pinning upon encountering an X.509 certificate problem that generates a user dialog, which al… | |||
| CVE-2015-2730 | medium | — | 4.3 | 11y ago | Mozilla Network Security Services (NSS) before 3.19.1, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and other products, does not properly perform Ellipti… | |||
| CVE-2015-2721 | medium | — | 4.3 | 11y ago | Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not p… | |||
| CVE-2015-1966 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before FP17, 6.2.1 before FP9, and 6.2.2 before FP15, as used in Security Access Manager for … | |||
| CVE-2015-3725 | medium | — | 4.3 | 11y ago | MobileInstallation in Apple iOS before 8.4 does not ensure the uniqueness of Watch bundle IDs, which allows attackers to cause a denial of service (ID collision and Watch launch outage) via a crafted… | |||
| CVE-2015-3722 | medium | — | 4.3 | 11y ago | Application Store in Apple iOS before 8.4 does not ensure the uniqueness of bundle IDs, which allows attackers to cause a denial of service (ID collision and launch outage) via a crafted universal pr… | |||
| CVE-2015-3721 | medium | — | 4.3 | 11y ago | The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not properly handle HFS parameters, which allows attackers to obtain sensitive memory-layout information via a crafted app. |