CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3720 | medium | — | 4.3 | 11y ago | The kernel in Apple OS X before 10.10.4 does not properly manage memory in kernel-extension APIs, which allows attackers to obtain sensitive memory-layout information via a crafted app. | |||
| CVE-2015-3711 | medium | — | 4.3 | 11y ago | The NTFS implementation in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||
| CVE-2015-3710 | medium | — | 4.3 | 11y ago | Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote attackers to trigger a refresh operation, and consequently cause a visit to an arbitrary web site, via a crafted HTML e-mail message. | |||
| CVE-2015-3690 | medium | — | 4.3 | 11y ago | The DiskImages subsystem in Apple iOS before 8.4 and OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||
| CVE-2015-3677 | medium | — | 4.3 | 11y ago | The LZVN compression feature in AppleFSCompression in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information for the kernel via a crafted app. | |||
| CVE-2015-3676 | medium | — | 4.3 | 11y ago | AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to obtain sensitive memory-layout information via a crafted app. | |||
| CVE-2015-3660 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script… | |||
| CVE-2015-5356 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter. | |||
| CVE-2015-5355 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to… | |||
| CVE-2015-4696 | medium | — | 4.3 | 11y ago | Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (crash) via a crafted WMF file to the (1) wmf2gd or (2) wmf2eps command. | |||
| CVE-2015-1967 | medium | — | 4.3 | 11y ago | MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-mode option, which allows remote attackers to obtain sensitive information by sniffing the network f… | |||
| CVE-2015-1919 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||
| CVE-2015-5151 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Slider Revolution (revslider) plugin 4.2.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the client_action parameter… | |||
| CVE-2015-0118 | medium | — | 4.3 | 11y ago | IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before 8005 IF1 and Integration Toolkit 9 before 9003 IF1 are distributed with MQ client JAR files that support only weak TLS ciphers, whi… | |||
| CVE-2015-1978 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before i… | |||
| CVE-2015-1972 | medium | — | 4.3 | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote attackers to obtain sens… | |||
| CVE-2015-0173 | medium | — | 4.3 | 11y ago | The HTTP connection-management functionality in Internet Pass-Thru (IPT) before 2.1.0.2 in IBM WebSphere MQ, when HTTPS is disabled, does not properly generate MQIPT Session IDs, which makes it easie… | |||
| CVE-2015-4174 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the integrated web server on the Siemens Climatix BACnet/IP communication module with firmware before 10.34 allows remote attackers to inject arbitrary web… | |||
| CVE-2015-0989 | medium | — | 4.3 | 11y ago | PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error. | |||
| CVE-2015-1269 | medium | — | 4.3 | 11y ago | The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP … | |||
| CVE-2015-4217 | medium | — | 4.3 | 11y ago | The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the… | |||
| CVE-2015-1159 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2015-4220 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Unified Presence Server 9.1(1) allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCuq03773. | |||
| CVE-2015-5064 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite Administrator (mysql-lite-administrator) beta-1 allow remote attackers to inject arbitrary web script or HTML via the table_name para… | |||
| CVE-2015-5063 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe CMS & Framework 3.1.13 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_username or (2) admin_passwo… | |||
| CVE-2015-4413 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the new_fb_sign_button function in nextend-facebook-connect.php in Nextend Facebook Connect plugin before 1.5.6 for WordPress allows remote attackers to in… | |||
| CVE-2015-4725 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||
| CVE-2015-4210 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCur03806. | |||
| CVE-2015-3234 | medium | — | 4.3 | 11y ago | The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows remote attackers to log into other users' accounts by leveraging an OpenID identity from certain providers, as demonstrated by t… | |||
| CVE-2015-4714 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body. | |||
| CVE-2015-0526 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (… | |||
| CVE-2015-4198 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web framework on Cisco Web Security Appliance (WSA) devices with software 8.5.0-497 allows remote attackers to inject arbitrary web script or HTML via … | |||
| CVE-2015-4679 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account… | |||
| CVE-2015-4661 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via the sort parameter to system/authors. | |||
| CVE-2015-4660 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal 5.0.7961 allows remote attackers to inject arbitrary web script or HTML via the id parameter to iframe.php. | |||
| CVE-2015-4657 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with a crafted URL. | |||
| CVE-2015-4656 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station before 6.3-2945 allow remote attackers to inject arbitrary web script or HTML via the (1) success parameter to login.php … | |||
| CVE-2015-4655 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Synology DiskStation Manager (DSM) before 5.2-5565 Update 1 allows remote attackers to inject arbitrary web script or HTML via the "compound" parameter to … | |||
| CVE-2015-4587 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom applicat… | |||
| CVE-2015-3422 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 allows remote attackers to inject arbitrary web script or HTML via the menu2 parameter to admin/main.jsp. | |||
| CVE-2015-3429 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in example.html in Genericons before 3.3.1, as used in WordPress before 4.2.2, allows remote attackers to inject arbitrary web script or HTML via a fragment i… | |||
| CVE-2015-2665 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4550 | medium | — | 4.3 | 11y ago | The Cavium cryptographic-module firmware on Cisco Adaptive Security Appliance (ASA) devices with software 9.3(3) and 9.4(1.1) does not verify the AES-GCM Integrity Check Value (ICV) octets, which mak… | |||
| CVE-2015-4190 | medium | — | 4.3 | 11y ago | Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on Cloud Portal appliances allows man-in-the-middle attackers to modify data via unspecified vectors, aka Bug ID CSCuh19683. | |||
| CVE-2015-2804 | medium | — | 4.3 | 11y ago | The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, 6850E, 9000E, 6400, and 6855 with firmware before 6.6.4.309.R01 and 6.6.5.x before 6.6.5.80.R02 generates weak session identifier… | |||
| CVE-2015-3226 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active Support in Ruby on Rails 3.x and 4.1.x before 4.1.11 and 4.2.x before 4.2.2 allows remote attackers to inject arbitrary web scri… | |||
| CVE-2015-4559 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the product deployment feature in the Java core web services in Intel McAfee ePolicy Orchestrator (ePO) before 5.1.2 allows remote attackers to inject arbi… | |||
| CVE-2015-4142 | medium | — | 4.3 | 11y ago | Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a de… | |||
| CVE-2015-4141 | medium | — | 4.3 | 11y ago | The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4 allows remote attackers to cause a denial of service (crash) via a n… | |||
| CVE-2015-4093 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4386 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in unspecified administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal allow remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2015-4375 | medium | — | 4.3 | 11y ago | The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal allows remote attackers to obtain sensitive node titles via (1) an autocomplete search on custom entities without an access quer… | |||
| CVE-2015-4347 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the inLinks Integration module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified path arguments. | |||
| CVE-2015-0344 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-0343 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query paramete… | |||
| CVE-2015-2957 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified ve… | |||
| CVE-2015-1788 | medium | — | 4.3 | 11y ago | The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b does not properly handle ECParameters structures in whi… | |||
| CVE-2015-0774 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID … | |||
| CVE-2015-0737 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST paramete… | |||
| CVE-2015-4471 | medium | — | 4.3 | 11y ago | Off-by-one error in the lzxd_decompress function in lzxd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer under-read and application crash) via a crafted CAB arc… | |||
| CVE-2015-4470 | medium | — | 4.3 | 11y ago | Off-by-one error in the inflate function in mszipd.c in libmspack before 0.5 allows remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CAB archive. | |||
| CVE-2015-4469 | medium | — | 4.3 | 11y ago | The chmd_read_headers function in chmd.c in libmspack before 0.5 does not validate name lengths, which allows remote attackers to cause a denial of service (buffer over-read and application crash) vi… | |||
| CVE-2015-4468 | medium | — | 4.3 | 11y ago | Multiple integer overflows in the search_chunk function in chmd.c in libmspack before 0.5 allow remote attackers to cause a denial of service (buffer over-read and application crash) via a crafted CH… | |||
| CVE-2015-4467 | medium | — | 4.3 | 11y ago | The chmd_init_decomp function in chmd.c in libmspack before 0.5 does not properly validate the reset interval, which allows remote attackers to cause a denial of service (divide-by-zero error and app… | |||
| CVE-2015-3935 | medium | — | 4.3 | 11y ago | Dolibarr ERP and CRM contain Cross-site Scripting Vulnerability | |||
| CVE-2015-3101 | medium | — | 4.3 | 11y ago | The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and befor… | |||
| CVE-2015-2359 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the web applications in Microsoft Exchange Server 2013 Cumulative Update 8 allows remote attackers to inject arbitrary web script or HTML via unspecified v… | |||
| CVE-2015-1765 | medium | — | 4.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. | |||
| CVE-2015-1764 | medium | — | 4.3 | 11y ago | The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted requ… | |||
| CVE-2015-1757 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject a… | |||
| CVE-2015-2960 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer build 10250 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4020 | medium | — | 4.3 | 11y ago | RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests t… | |||
| CVE-2015-2963 | medium | — | 4.3 | 11y ago | paperclip Cross-site Scripting vulnerability | |||
| CVE-2015-0766 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject ar… | |||
| CVE-2015-0762 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script o… | |||
| CVE-2015-4050 | medium | — | 4.3 | 11y ago | FragmentListener in the HttpKernel component in Symfony 2.3.19 through 2.3.28, 2.4.9 through 2.4.10, 2.5.4 through 2.5.11, and 2.6.0 through 2.6.7, when ESI or SSI support enabled, does not check if … | |||
| CVE-2015-2944 | medium | — | 4.3 | 11y ago | Improper Neutralization of Input During Web Page Generation in Apache Sling | |||
| CVE-2015-3176 | medium | — | 4.3 | 11y ago | Moodle allows attackers obtain full-name information | |||
| CVE-2015-2270 | medium | — | 4.3 | 11y ago | Moodle allows attackers to obtain sensitive course information | |||
| CVE-2015-2949 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-2948 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in the image processor in Zenphoto before 1.4.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-4138 | medium | — | 4.3 | 11y ago | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not include the HTTPOnly flag in a Set-Cookie header for the administ… | |||
| CVE-2015-2855 | medium | — | 4.3 | 11y ago | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not set the secure flag for the administrator's cookie in an https se… | |||
| CVE-2015-2854 | medium | — | 4.3 | 11y ago | The WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 does not send a restrictive X-Frame-Options HTTP header, which allows remo… | |||
| CVE-2015-2852 | medium | — | 4.3 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers… | |||
| CVE-2015-0747 | medium | — | 4.3 | 11y ago | Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release allow remote attackers to inject arbitrary cookies via a crafted HTTP request, aka Bug ID CSCuh25408. | |||
| CVE-2015-0733 | medium | — | 4.3 | 11y ago | CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP… | |||
| CVE-2015-0752 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSC… | |||
| CVE-2015-3904 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php in the Roomcloud plugin before 1.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) pin, (2… | |||
| CVE-2015-4135 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | |||
| CVE-2015-3165 | medium | — | 4.3 | 11y ago | Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash… | |||
| CVE-2015-3903 | medium | — | 4.3 | 11y ago | libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x before 4.2.13.3, 4.3.x before 4.3.13.1, and 4.4.x before 4.4.6.1 disables X.509 certificate verification for GitHub API calls ov… | |||
| CVE-2015-0962 | medium | — | 4.3 | 11y ago | Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection is enabled, uses the same root Certification Authority certificate across different customers' installations, which makes it eas… | |||
| CVE-2015-0961 | medium | — | 4.3 | 11y ago | Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, does not verify X.509 certificates from upstream SSL servers, which allows man-in-the-middle attackers to spoof servers and obta… | |||
| CVE-2015-1915 | medium | — | 4.3 | 11y ago | The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Management 9.0.1 before IF6 and 9.1.0 before IF6 does not set the secure flag for the session cookie in … | |||
| CVE-2015-1911 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Selling and Fulfillment Foundation 9.0.0 before FP92, and Sterling Field Sales (SFS) 9.0 before HF7 in… | |||
| CVE-2015-0915 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted attachment filename. | |||
| CVE-2015-3647 | medium | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in wppa-ajax-front.php in the WP Photo Album Plus (aka WPPA) plugin before 6.1.3 for WordPress allow remote attackers to inject arbitrary web scrip… | |||
| CVE-2015-1264 | medium | — | 4.3 | 11y ago | Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted data that is improperly handled … | |||
| CVE-2015-1263 | medium | — | 4.3 | 11y ago | The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session for downloading a Hunspell dictionary, which allows man-in-the-middle attackers to deliver incorre… |