CVEs from 2015
- Total: 7,261
- critical: 1,306
- high: 1,666
- medium: 3,617
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1444 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary… | |||
| CVE-2015-1475 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to … | |||
| CVE-2015-1437 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.70 allow remote attackers to inject arbitrary web script or HTML via the flag parameter to (1) resu… | |||
| CVE-2015-0599 | medium | — | 4.3 | 12y ago | The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier f… | |||
| CVE-2015-1459 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. | |||
| CVE-2015-1433 | medium | — | 4.3 | 12y ago | program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the style attribute … | |||
| CVE-2015-1404 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1402 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1384 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via the banner_effect_divid param… | |||
| CVE-2015-1385 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the cat parameter in… | |||
| CVE-2015-1383 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.8.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search key. | |||
| CVE-2015-0866 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustom… | |||
| CVE-2015-0870 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory Fumy News Clipper 2.x before 2.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-1370 | medium | — | 4.3 | 12y ago | Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link. | |||
| CVE-2015-1363 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/. | |||
| CVE-2015-1308 | medium | — | 4.3 | 12y ago | kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input events, and consequently obtain passwords, by leveraging access to the X server when the screen is locke… | |||
| CVE-2015-1307 | medium | — | 4.3 | 12y ago | plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look and Feel package. | |||
| CVE-2015-1179 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dpid, (2… | |||
| CVE-2015-1178 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) product_id or (2) category_id par… | |||
| CVE-2015-1347 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | |||
| CVE-2015-1180 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet. | |||
| CVE-2015-1176 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | |||
| CVE-2015-1175 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the l… | |||
| CVE-2015-0436 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login. | |||
| CVE-2015-0434 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors r… | |||
| CVE-2015-0431 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect inte… | |||
| CVE-2015-0425 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Sie… | |||
| CVE-2015-0420 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Servic… | |||
| CVE-2015-0419 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, … | |||
| CVE-2015-1196 | medium | — | 4.3 | 12y ago | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | |||
| CVE-2015-1194 | medium | — | 4.3 | 12y ago | pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||
| CVE-2015-0404 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity v… | |||
| CVE-2015-0402 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - C… | |||
| CVE-2015-0386 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related… | |||
| CVE-2015-0382 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a differ… | |||
| CVE-2015-0381 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a differ… | |||
| CVE-2015-0380 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.… | |||
| CVE-2015-0379 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | |||
| CVE-2015-0376 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | |||
| CVE-2015-0369 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI. | |||
| CVE-2015-0365 | medium | — | 4.3 | 12y ago | Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Se… | |||
| CVE-2015-1048 | medium | — | 4.3 | 12y ago | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct p… | |||
| CVE-2015-1204 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the … | |||
| CVE-2015-1164 | medium | — | 4.3 | 12y ago | Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack… | |||
| CVE-2015-1032 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search. | |||
| CVE-2015-0553 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | |||
| CVE-2015-0220 | medium | — | 4.3 | 12y ago | The django.util.http.is_safe_url function in Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 does not properly handle leading whitespaces, which allows remote attackers to conduct c… | |||
| CVE-2015-1056 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allows remote attackers to inject arbitrary web script or HTML via the url parameter to general/status.h… | |||
| CVE-2015-1053 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to admin/file_manag… | |||
| CVE-2015-1052 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows remote attackers to inject arbitrary web script or HTML via the result parameter to upload_files/pk/… | |||
| CVE-2015-1050 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when cr… | |||
| CVE-2015-1041 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING. | |||
| CVE-2015-1039 | medium | — | 4.3 | 12y ago | ZF-Commons ZfcUser Vulnerable to XSS in Login Redirect | |||
| CVE-2015-0577 | medium | — | 4.3 | 12y ago | Multiple cross-site scripting (XSS) vulnerabilities in the IronPort Spam Quarantine (ISQ) page in Cisco AsyncOS, as used on the Cisco Email Security Appliance (ESA) and Content Security Management Ap… | |||
| CVE-2015-0204 | medium | — | 4.3 | 12y ago | The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL servers to conduct RSA-to-EXPORT_RSA downgrade attacks and fa… | |||
| CVE-2015-0918 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/… | |||
| CVE-2015-0917 | medium | — | 4.3 | 12y ago | Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. | |||
| CVE-2015-7269 | medium | 4.2 | 4.2 | 9y ago | Seagate ST500LT015 hard disk drives, when operating in eDrive mode on Lenovo ThinkPad W541 laptops with BIOS 2.21, allow physically proximate attackers to bypass self-encrypting drive (SED) protectio… | |||
| CVE-2015-7268 | medium | 4.2 | 4.2 | 9y ago | Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or… | |||
| CVE-2015-7267 | medium | 4.2 | 4.2 | 9y ago | Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS… | |||
| CVE-2015-0233 | medium | 4.2 | 4.2 | 9y ago | Multiple insecure Temporary File vulnerabilities in 389 Administration Server before 1.1.38. | |||
| CVE-2015-5233 | medium | 4.2 | 4.2 | 10y ago | Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply view_hosts permissions, which allows (1) remote authenticated users with the view_reports permission to read reports from arbitrary h… | |||
| CVE-2015-7487 | medium | 4.1 | 4.1 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 IFIX002, and 7.6.0 before 7.6.0.3 IFIX001; Maximo Asset Management 7.5.0 before 7.5.0.9 IFIX002, 7.5.1, and 7.6.0 before 7.6.0.3… | |||
| CVE-2015-4960 | medium | 4.1 | 4.1 | 11y ago | IBM InfoSphere Master Data Management - Collaborative Edition 9.1, 10.1, 11.0 before 11.0.0.0 IF11, 11.3 before 11.3.0.0 IF7, and 11.4 before 11.4.0.4 IF1 allows remote authenticated users to conduct… | |||
| CVE-2015-4874 | medium | — | 4.1 | 11y ago | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows local users to affect confidentiality, integrity, an… | |||
| CVE-2015-5217 | medium | — | 4.0 | 4y ago | providers/saml2/admin.py in the Identity Provider (IdP) server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider (SP) owner, which allows remote a… | |||
| CVE-2015-1881 | medium | — | 4.0 | 4y ago | OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption)… | |||
| CVE-2015-4991 | medium | 4.0 | 4.0 | 10y ago | IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 through FP2 IF012, 17 through FP1 IF018, and 17.1 through IF008 includes unspecified cleartext data in memory dumps, which allows loc… | |||
| CVE-2015-2012 | medium | 4.0 | 4.0 | 11y ago | The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before 7.1.0.7, 7.5 through 7.5.0.5, and 8.0 before 8.0.0.4 uses world-readable permissions for a cleartext file containing the SSL keystore … | |||
| CVE-2015-8575 | medium | 4.0 | 4.0 | 11y ago | The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local users to obtain sensitive information from kernel memory and b… | |||
| CVE-2015-4923 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown ve… | |||
| CVE-2015-4921 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | |||
| CVE-2015-8303 | medium | 4.0 | 4.0 | 11y ago | Huawei Document Security Management (DSM) with software before V100R002C05SPC661 does not clear the clipboard when closing a secure file, which allows local users to obtain sensitive information by p… | |||
| CVE-2015-7416 | medium | 4.0 | 4.0 | 11y ago | AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | |||
| CVE-2015-7403 | medium | 4.0 | 4.0 | 11y ago | IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File System (GPFS) 3.5.x before 3.5.0.29 and 4.1.x through 4.1.0.8 on AIX allow local users to cause a denial of service (incorrect poin… | |||
| CVE-2015-4990 | medium | 4.0 | 4.0 | 11y ago | The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.… | |||
| CVE-2015-8374 | medium | 4.0 | 4.0 | 11y ago | fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles compressed inline extents, which allows local users to obtain sensitive pre-truncation information from a file via a clone action. | |||
| CVE-2015-7223 | medium | — | 4.0 | 11y ago | The WebExtension APIs in Mozilla Firefox before 43.0 allow remote attackers to gain privileges, and possibly obtain sensitive information or conduct cross-site scripting (XSS) attacks, via a crafted … | |||
| CVE-2015-6404 | medium | — | 4.0 | 11y ago | Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use RBAC, which allows remote authenticated users to obtain sensitive credential information by leveraging admin access and making SO… | |||
| CVE-2015-5004 | medium | — | 4.0 | 11y ago | The Edge Component Caching Proxy in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.12 and 8.5 before 8.5.5.8 does not properly encrypt data, which allows remote authenticated users to obtain… | |||
| CVE-2015-6422 | medium | — | 4.0 | 11y ago | The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed reques… | |||
| CVE-2015-6410 | medium | — | 4.0 | 11y ago | The Mobile and Remote Access (MRA) services implementation in Cisco Unified Communications Manager mishandles edge-device identity validation, which allows remote attackers to bypass intended call-re… | |||
| CVE-2015-6413 | medium | — | 4.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 allows remote authenticated users to bypass intended read-only restrictions and upload Tandberg Linux Package (TLP) files by visiti… | |||
| CVE-2015-6407 | medium | — | 4.0 | 11y ago | Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to upload files to arbitrary locations via a crafted parameter, aka Bug ID CSCuv25501. | |||
| CVE-2015-6406 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in the Tools menu in Cisco Emergency Responder 10.5(1.10000.5) allows remote authenticated users to write to arbitrary files via a crafted filename, aka Bug ID CSCuv… | |||
| CVE-2015-8229 | medium | — | 4.0 | 11y ago | Huawei eSpace U2980 unified gateway with software before V100R001C10 and U2990 with software before V200R001C10 allow remote authenticated users to cause a denial of service via crafted signaling pac… | |||
| CVE-2015-8228 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to … | |||
| CVE-2015-6371 | medium | — | 4.0 | 11y ago | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CS… | |||
| CVE-2015-8090 | medium | — | 4.0 | 11y ago | The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. | |||
| CVE-2015-5253 | medium | — | 4.0 | 11y ago | Improper Access Control in Apache CXF | |||
| CVE-2015-6365 | medium | — | 4.0 | 11y ago | Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportu… | |||
| CVE-2015-7992 | medium | — | 4.0 | 11y ago | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RUL… | |||
| CVE-2015-6362 | medium | — | 4.0 | 11y ago | The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by… | |||
| CVE-2015-8007 | medium | — | 4.0 | 11y ago | The Echo extension for MediaWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demon… | |||
| CVE-2015-8004 | medium | — | 4.0 | 11y ago | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to … | |||
| CVE-2015-2697 | medium | — | 4.0 | 11y ago | The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) … | |||
| CVE-2015-7395 | medium | — | 4.0 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 F… | |||
| CVE-2015-6348 | medium | — | 4.0 | 11y ago | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read repor… | |||
| CVE-2015-6347 | medium | — | 4.0 | 11y ago | The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an uns… | |||
| CVE-2015-6344 | medium | — | 4.0 | 11y ago | The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user i… |