CVEs from 2015
Total
7,313
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
17.9%
% with KEV
0.6%
% with exploit
0.8%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-0650 | high | — | 7.8 | 11y ago | The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 3.9.xS and 3.10.xS before 3.10.4S, 3.11.xS before 3.11.3S, 3.12.xS before 3.12.2S… | |
| CVE-2015-0649 | high | — | 7.8 | 11y ago | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) TCP packets, aka Bug ID CSCun63514. | |
| CVE-2015-0648 | high | — | 7.8 | 11y ago | Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (memory consumption) via crafted Common Industrial Protocol (CIP) TCP packets, aka Bug I… | |
| CVE-2015-0647 | high | — | 7.8 | 11y ago | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to cause a denial of service (device reload) via malformed Common Industrial Protocol (CIP) UDP packets, aka Bug ID CSCum98371. | |
| CVE-2015-0646 | high | — | 7.8 | 11y ago | Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.… | |
| CVE-2015-0645 | high | — | 7.8 | 11y ago | The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.2S, 3.13 before 3.13.1S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remot… | |
| CVE-2015-0644 | high | — | 7.8 | 11y ago | AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute … | |
| CVE-2015-0643 | high | — | 7.8 | 11y ago | Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2… | |
| CVE-2015-0642 | high | — | 7.8 | 11y ago | Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2… | |
| CVE-2015-0641 | high | — | 7.8 | 11y ago | Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to cau… | |
| CVE-2015-0640 | high | — | 7.8 | 11y ago | The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x before 3.10.4S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows rem… | |
| CVE-2015-0639 | high | — | 7.8 | 11y ago | The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before 3.7.1S, 3.8 before 3.8.0S, 3.9 before 3.9.0S, 3.10 before 3.10.0S, 3.11 before 3.11.0S, 3.12 before 3.12.0S, 3.13 before 3.13.0S… | |
| CVE-2015-0637 | high | — | 7.8 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a d… | |
| CVE-2015-0636 | high | — | 7.8 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to cause a d… | |
| CVE-2015-0132 | high | — | 7.8 | 11y ago | The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 iFix3 and 5.x before 5.0.2 and Rational Requirements Composer 2.x and 3.x before 3.0.1.6 iFix5 and 4.x before 4.0.7 iFix3 does no… | |
| CVE-2015-0652 | high | — | 7.8 | 11y ago | The Session Description Protocol (SDP) implementation in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X8.2 and Cisco TelePresence Conductor before XC2.4 allows remo… | |
| CVE-2015-1063 | high | — | 7.8 | 11y ago | CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a Class 0 SMS message. | |
| CVE-2015-0523 | high | — | 7.8 | 11y ago | EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA Registration Manager (RRM) before 6.9 build 558 allow remote attackers to cause an Administration Server denial of service via an invali… | |
| CVE-2015-0079 | high | — | 7.8 | 11y ago | The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory c… | |
| CVE-2015-2177 | high | — | 7.8 | 11y ago | Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a denial of service (defect-mode transition) via crafted packets on (1) TCP port 102 or (2) Profibus. | |
| CVE-2015-1414 | high | — | 7.8 | 11y ago | Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 before p18, and 10.1 before p6 allows remote attackers to cause a denial of service (crash) via a crafted IGMP packet, which trigg… | |
| CVE-2015-2055 | high | — | 7.8 | 11y ago | Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to cause a denial of service via a long string in the oldpassword parameter. | |
| CVE-2015-0621 | high | — | 7.8 | 11y ago | Cisco TelePresence MCU devices with software 4.5(1.45) allow remote attackers to cause a denial of service (device reload) via an unspecified series of TCP packets, aka Bug ID CSCur50347. | |
| CVE-2015-0592 | high | — | 7.8 | 11y ago | The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kern… | |
| CVE-2015-1348 | high | — | 7.8 | 12y ago | Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a … | |
| CVE-2015-1452 | high | — | 7.8 | 12y ago | The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch 7 build 4457 allows remote attackers to cause a denial of service (locked CAPWAP Access Controller… | |
| CVE-2015-0869 | high | — | 7.8 | 12y ago | I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. | |
| CVE-2015-0586 | high | — | 7.8 | 12y ago | The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote… | |
| CVE-2015-0924 | high | — | 7.8 | 12y ago | Ceragon FibeAir IP-10 bridges have a default password for the root account, which makes it easier for remote attackers to obtain access via a (1) HTTP, (2) SSH, (3) TELNET, or (4) CLI session. | |
| CVE-2015-0015 | high | — | 7.8 | 12y ago | Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and Server 2012 Gold and R2 allow remote attackers to cause a denial of service (system hang and RADIUS outage) via crafted username str… | |
| CVE-2015-0361 | high | — | 7.8 | 12y ago | Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows remote domains to cause a denial of service (system crash) via a crafted hypercall during HVM guest teardown. | |
| CVE-2015-8567 | high | 7.7 | 7.7 | 9y ago | Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause a denial of service (memory consumption). | |
| CVE-2015-7974 | high | 7.7 | 7.7 | 11y ago | NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer associations of symmetric keys when authenticating packets, which might allow remote attackers to conduct impersonation attacks via a… | |
| CVE-2015-7400 | high | 7.7 | 7.7 | 11y ago | The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote authenticated users to cause a denial of service (CPU consumption) via an XML external entity declaration in conjunction with an… | |
| CVE-2015-7865 | high | — | 7.7 | 11y ago | nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to … | |
| CVE-2015-3977 | high | — | 7.7 | 11y ago | Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory c… | |
| CVE-2015-3456 | high | — | 7.7 | 11y ago | The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arb… | |
| CVE-2015-8947 | high | 7.6 | 7.6 | 10y ago | hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vul… | |
| CVE-2015-8799 | high | 7.6 | 7.6 | 10y ago | Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for … | |
| CVE-2015-5343 | high | 7.6 | 7.6 | 10y ago | Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, 1.8.x before 1.8.15, and 1.9.x before 1.9.3 allows remote authenticated users to cause a denial of service (subversion server cra… | |
| CVE-2015-7044 | high | — | 7.6 | 11y ago | The System Integrity Protection feature in Apple OS X before 10.11.2 mishandles union mounts, which allows attackers to execute arbitrary code in a privileged context via a crafted app with root priv… | |
| CVE-2015-7016 | high | — | 7.6 | 11y ago | The MCX Application Restrictions component in Apple OS X before 10.11.1, when Managed Configuration is enabled, mishandles provisioning profiles, which allows attackers to bypass intended entitlement… | |
| CVE-2015-4868 | high | — | 7.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |
| CVE-2015-4748 | high | — | 7.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availa… | |
| CVE-2015-0458 | high | — | 7.6 | 11y ago | Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | |
| CVE-2015-2775 | high | — | 7.6 | 11y ago | Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name. | |
| CVE-2015-3220 | high | 7.5 | 7.5 | 4y ago | The tlslite library before 0.4.9 for Python allows remote attackers to trigger a denial of service (runtime exception and process crash). | |
| CVE-2015-8008 | high | 7.5 | 7.5 | 9y ago | The OAuth extension for MediaWiki improperly negotiates a new client token only over Special:OAuth/initiate, which allows attackers to bypass intended IP address access restrictions by making an API … | |
| CVE-2015-3302 | high | 7.5 | 7.5 | 9y ago | The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by … | |
| CVE-2015-0226 | high | 7.5 | 7.5 | 9y ago | Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J | |
| CVE-2015-0224 | high | 7.5 | 7.5 | 9y ago | qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted protocol sequence set. NOTE: this vulnerability exists because of an incomplet… | |
| CVE-2015-5177 | high | 7.5 | 7.5 | 9y ago | Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package. | |
| CVE-2015-6668 | high | 7.5 | 7.5 | 9y ago | The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object refe… | |
| CVE-2015-4421 | high | 7.5 | 7.5 | 9y ago | The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users to gain privileges or cause a denial of service (memory corruption) via an unspecified i… | |
| CVE-2015-2156 | high | 7.5 | 7.5 | 9y ago | Information Exposure in Netty | |
| CVE-2015-7503 | high | 7.5 | 7.5 | 9y ago | Zend Framework Information Disclosure | |
| CVE-2015-7384 | high | 7.5 | 7.5 | 9y ago | Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a denial of service. | |
| CVE-2015-2856 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in the template function in function.inc in Accellion File Transfer Appliance devices before FTA_9_11_210 allows remote attackers to read arbitrary files via a .. (d… | |
| CVE-2015-1429 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 32-bit and 64-bit allows remote attackers to download arbitrary files via a .. (dot dot) in an unspe… | |
| CVE-2015-2297 | high | 7.5 | 7.5 | 9y ago | nanohttp in libcsoap allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Authorization header. | |
| CVE-2015-3138 | high | 7.5 | 7.5 | 9y ago | print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a denial of service (segmentation fault and process crash). | |
| CVE-2015-5184 | high | 7.5 | 7.5 | 9y ago | Console: CORS headers set to allow all in Red Hat AMQ. | |
| CVE-2015-5183 | high | 7.5 | 7.5 | 9y ago | Console: HTTPOnly and Secure attributes not set on cookies in Red Hat AMQ. | |
| CVE-2015-7318 | high | 7.5 | 7.5 | 9y ago | Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses. | |
| CVE-2015-8559 | high | 7.5 | 7.5 | 9y ago | The knife bootstrap command in chef Infra client before version 15.4.45 leaks the validator.pem private RSA key to /var/log/messages. | |
| CVE-2015-9231 | high | 7.5 | 7.5 | 9y ago | iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.2015… | |
| CVE-2015-3890 | high | 7.5 | 7.5 | 9y ago | Use-after-free vulnerability in Open Litespeed before 1.3.10. | |
| CVE-2015-5179 | high | 7.5 | 7.5 | 9y ago | FreeIPA might display user data improperly via vectors involving non-printable characters. | |
| CVE-2015-4074 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download… | |
| CVE-2015-1854 | high | 7.5 | 7.5 | 9y ago | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call. | |
| CVE-2015-0689 | high | 7.5 | 7.5 | 9y ago | Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to bypass intended filtering protection mechanisms by leveraging improper handling of HTTP methods, aka Bug ID CSCut69743. | |
| CVE-2015-4085 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in node/hooks/express/tests.js in Etherpad frontend tests before 1.6.1. | |
| CVE-2015-3250 | high | 7.5 | 7.5 | 9y ago | Exposure of Sensitive Information to an Unauthorized Actor in Apache Directory LDAP API | |
| CVE-2015-7294 | high | 7.5 | 7.5 | 9y ago | LDAP Injection in ldapauth | |
| CVE-2015-5705 | high | 7.5 | 7.5 | 9y ago | Argument injection vulnerability in devscripts before 2.15.7 allows remote attackers to write to arbitrary files via a crafted symlink and crafted filename. | |
| CVE-2015-3454 | high | 7.5 | 7.5 | 9y ago | TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket messages, which might allow remote attackers to obtain password hashes via a cross-site scripting attack. | |
| CVE-2015-7255 | high | 7.5 | 7.5 | 9y ago | ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, GAN9.8T101A-B, MF28G, ZXHN H108N use non-unique X.509 certificates and SSH host keys, which might allow remote attackers to obtain credentials… | |
| CVE-2015-5209 | high | 7.5 | 7.5 | 9y ago | Special top object can be used to access Struts' internals | |
| CVE-2015-0234 | high | 7.5 | 7.5 | 9y ago | Multiple temporary file creation vulnerabilities in pki-core 10.2.0. | |
| CVE-2015-1600 | high | 7.5 | 7.5 | 9y ago | Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier. | |
| CVE-2015-1554 | high | 7.5 | 7.5 | 9y ago | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash). | |
| CVE-2015-1876 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in ES File Explorer 3.2.4.1. | |
| CVE-2015-1386 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in unshield 1.0-1. | |
| CVE-2015-1199 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in ppmd 10.1-5. | |
| CVE-2015-1198 | high | 7.5 | 7.5 | 9y ago | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. | |
| CVE-2015-0928 | high | 7.5 | 7.5 | 9y ago | libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). | |
| CVE-2015-4181 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of … | |
| CVE-2015-4180 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in get_file.php in phpMyBackupPro 2.1 through 2.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter. NOTE: the provenance of … | |
| CVE-2015-4017 | high | 7.5 | 7.5 | 9y ago | Salt before 2014.7.6 does not verify certificates when connecting via the aliyun, proxmox, and splunk modules. | |
| CVE-2015-1395 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a… | |
| CVE-2015-7516 | high | 7.5 | 7.5 | 9y ago | ONOS before 1.5.0 when using the ifwd app allows remote attackers to cause a denial of service (NULL pointer dereference and switch disconnect) by sending two Ethernet frames with ether_type Jumbo Fr… | |
| CVE-2015-7257 | high | 7.5 | 7.5 | 9y ago | ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and W300V2.1.0h_ER7_PE_O57 allow remote authenticated non-administrator users to change the admin password by intercepting an outgoing password chang… | |
| CVE-2015-1800 | high | 7.5 | 7.5 | 9y ago | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | |
| CVE-2015-2675 | high | 7.5 | 7.5 | 9y ago | The OAuth implementation in librest before 0.7.93 incorrectly truncates the pointer returned by the rest_proxy_call_get_url function, which allows remote attackers to cause a denial of service (appli… | |
| CVE-2015-7945 | high | 7.5 | 7.5 | 9y ago | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.… | |
| CVE-2015-7944 | high | 7.5 | 7.5 | 9y ago | The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.… | |
| CVE-2015-3614 | high | 7.5 | 7.5 | 9y ago | Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to obtain arbitrary files via vectors involving another unspecified vulnerability. | |
| CVE-2015-1783 | high | 7.5 | 7.5 | 9y ago | The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c978f23ab859847cdd allows remote attackers to cause a denial of service (uninitialized memory access … | |
| CVE-2015-6498 | high | 7.5 | 7.5 | 9y ago | Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. | |
| CVE-2015-3277 | high | 7.5 | 7.5 | 9y ago | The mod_nss module before 1.0.11 in Fedora allows remote attackers to obtain cipher lists due to incorrect parsing of multi-keyword cipherstring. |