CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8228 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in the SFTP server in Huawei AR 120, 150, 160, 200, 500, 1200, 2200, 3200, and 3600 routers with software before V200R006SPH003 allows remote authenticated users to … | |||
| CVE-2015-6371 | medium | — | 4.0 | 11y ago | Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CS… | |||
| CVE-2015-8090 | medium | — | 4.0 | 11y ago | The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request. | |||
| CVE-2015-5253 | medium | — | 4.0 | 11y ago | Improper Access Control in Apache CXF | |||
| CVE-2015-6365 | medium | — | 4.0 | 11y ago | Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportu… | |||
| CVE-2015-7992 | medium | — | 4.0 | 11y ago | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RUL… | |||
| CVE-2015-6362 | medium | — | 4.0 | 11y ago | The web GUI in Cisco Connected Grid Network Management System (CG-NMS) 3.0(0.35) and 3.0(0.54) allows remote authenticated users to bypass intended access restrictions and modify the configuration by… | |||
| CVE-2015-8007 | medium | — | 4.0 | 11y ago | The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demon… | |||
| CVE-2015-8004 | medium | — | 4.0 | 11y ago | MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to … | |||
| CVE-2015-2697 | medium | — | 4.0 | 11y ago | The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) … | |||
| CVE-2015-7395 | medium | — | 4.0 | 11y ago | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX005, and 7.6.0 before 7.6.0.2 FP002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005, 7.5.1, and 7.6.0 before 7.6.0.2 F… | |||
| CVE-2015-6348 | medium | — | 4.0 | 11y ago | The report-generation web interface in the Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and read repor… | |||
| CVE-2015-6347 | medium | — | 4.0 | 11y ago | The Solution Engine in Cisco Secure Access Control Server (ACS) 5.7(0.15) allows remote authenticated users to bypass intended RBAC restrictions, and create a dashboard or portlet, by visiting an uns… | |||
| CVE-2015-6344 | medium | — | 4.0 | 11y ago | The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security 9.3(4.1.11) allows remote authenticated users to bypass intended access restrictions and obtain sensitive user i… | |||
| CVE-2015-6491 | medium | — | 4.0 | 11y ago | Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 devices before B FRN 15.003 allow remote authenticated users to insert the content of an arbitrary file into a FRAME element via uns… | |||
| CVE-2015-5712 | medium | — | 4.0 | 11y ago | Spotfire Parsing Library and Spotfire Security Filter in TIBCO Spotfire Server 5.5.x before 5.5.4, 6.0.x before 6.0.5, 6.5.x before 6.5.4, and 7.0.x before 7.0.1 and Spotfire Analytics Platform befor… | |||
| CVE-2015-6670 | medium | — | 4.0 | 11y ago | ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before 8.1.1 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the ca… | |||
| CVE-2015-4905 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. | |||
| CVE-2015-4904 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to libmysqld. | |||
| CVE-2015-4898 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity… | |||
| CVE-2015-4876 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors rela… | |||
| CVE-2015-4866 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||
| CVE-2015-4862 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2015-4858 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via vectors related to DML, a different vulnerabi… | |||
| CVE-2015-4838 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors… | |||
| CVE-2015-4833 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | |||
| CVE-2015-4830 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server : Security : Pri… | |||
| CVE-2015-4828 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via vectors related to FIN Resource… | |||
| CVE-2015-4826 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Types. | |||
| CVE-2015-4816 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB. | |||
| CVE-2015-4815 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via vectors related to Server : DDL. | |||
| CVE-2015-4804 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Management component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via un… | |||
| CVE-2015-4802 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, … | |||
| CVE-2015-4800 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||
| CVE-2015-4762 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related… | |||
| CVE-2015-4730 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows remote authenticated users to affect availability via unknown vectors related to Types. | |||
| CVE-2015-5954 | medium | — | 4.0 | 11y ago | The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before 7.0.7, and 8.0.x before 8.0.5 does not consider that NULL is a valid getPath return value, which allows remote authenticated users… | |||
| CVE-2015-7683 | medium | — | 4.0 | 11y ago | Absolute path traversal vulnerability in Font.php in the Font plugin before 7.5.1 for WordPress allows remote administrators to read arbitrary files via a full pathname in the url parameter to AjaxPr… | |||
| CVE-2015-5443 | medium | — | 4.0 | 11y ago | HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vector… | |||
| CVE-2015-4547 | medium | — | 4.0 | 11y ago | EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB password in a configuration file, which allows remote authenticated users to obtain sensitive information by reading this file. | |||
| CVE-2015-4929 | medium | — | 4.0 | 11y ago | IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for Software Use Analysis 9 before 9.2.1.0 allow remote authenticated users to bypass intended access restrictions and obtain sensitive i… | |||
| CVE-2015-5024 | medium | — | 4.0 | 11y ago | IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, 10.0.2.3, 10.0.2.5 before iFix4, 10.0.2.6 before iFix8, 10.0.2.7 before iFix1, and 10.0.4.x before iFix2 allows remote authenticat… | |||
| CVE-2015-4965 | medium | — | 4.0 | 11y ago | maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX004, and 7.6.0 before 7.6.0.1 IFIX002; Maximo Asset Management 7.5.x b… | |||
| CVE-2015-7685 | medium | — | 4.0 | 11y ago | GLPI before 0.85.3 allows remote authenticated users to create super-admin accounts by leveraging permissions to create a user and the _profiles_id parameter to front/user.form.php. | |||
| CVE-2015-0143 | medium | — | 4.0 | 11y ago | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to obtain sensitive information by reading error messages. | |||
| CVE-2015-0142 | medium | — | 4.0 | 11y ago | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to cause a denial of service (maintenance-mode transition and… | |||
| CVE-2015-0141 | medium | — | 4.0 | 11y ago | IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to modify arbitrary user filters via a JSON request. | |||
| CVE-2015-6308 | medium | — | 4.0 | 11y ago | Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated users to cause a denial of service (temporary SNMP outage) via an SNMP request for an OID that does not exist, aka Bug ID CSCuw36… | |||
| CVE-2015-5435 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 before 1.85 and 4 before 2.22 allows remote authenticated users to cause a denial of service via unknown vectors. | |||
| CVE-2015-0299 | medium | — | 4.0 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Open Source Point of Sale 2.3.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2015-5711 | medium | — | 4.0 | 11y ago | TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain … | |||
| CVE-2015-4543 | medium | — | 4.0 | 11y ago | EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored passwords in unspecified circumstances, which allows remote authenticated users to obtain sensitive information by reading database field… | |||
| CVE-2015-6300 | medium | — | 4.0 | 11y ago | Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) allows remote authenticated users to cause a denial of service (SSH screen process crash) via crafted (1) CLI or (2) GUI commands, a… | |||
| CVE-2015-4305 | medium | — | 4.0 | 11y ago | The web framework in Cisco Prime Collaboration Assurance before 10.5.1.53684-1 allows remote authenticated users to bypass intended system-database read restrictions, and discover credentials or SNMP… | |||
| CVE-2015-7234 | medium | — | 4.0 | 11y ago | The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology and OSF Import modules are enabled, allows user-assisted remote attackers to delete arbitrary files via unspecified vectors. | |||
| CVE-2015-2136 | medium | — | 4.0 | 11y ago | HP ArcSight Logger before 6.0 P2 allows remote authenticated users to bypass the intended authorization policy via unspecified vectors. | |||
| CVE-2015-4980 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through 7.0.0.9 allows remote authenticated users to obtain sensitive personal information via unknown vectors. | |||
| CVE-2015-2535 | medium | — | 4.0 | 11y ago | Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service outage) by creating multiple machi… | |||
| CVE-2015-5250 | medium | — | 4.0 | 11y ago | Denial of Service in OpenShift Origin in github.com/openshift/origin | |||
| CVE-2015-2990 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. | |||
| CVE-2015-6587 | medium | — | 4.0 | 11y ago | The vlserver in OpenAFS before 1.6.13 allows remote authenticated users to cause a denial of service (out-of-bounds read and crash) via a crafted regular expression in a VL_ListAttributesN2 RPC. | |||
| CVE-2015-3966 | medium | — | 4.0 | 11y ago | The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a pee… | |||
| CVE-2015-5433 | medium | — | 4.0 | 11y ago | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive inform… | |||
| CVE-2015-5403 | medium | — | 4.0 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspec… | |||
| CVE-2015-2139 | medium | — | 4.0 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspec… | |||
| CVE-2015-3158 | medium | — | 4.0 | 11y ago | PicketLink does not properly check role based authorization | |||
| CVE-2015-5413 | medium | — | 4.0 | 11y ago | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to gain privileges and obtain sensitive information via unspecified vectors. | |||
| CVE-2015-6261 | medium | — | 4.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to bypass intended access restrictions and read configuration files by leveraging the Mobile an… | |||
| CVE-2015-4950 | medium | — | 4.0 | 11y ago | The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: Data Protection for Microsoft Exchange Server 6.1 before 6.1.3.6, 6.3 before 6.3.1.3, 6.4 before 6.4.1.4, and 7.1 before 7.1.0.2; T… | |||
| CVE-2015-4328 | medium | — | 4.0 | 11y ago | Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 improperly checks for a user account's read-only attribute, which allows remote authenticated users to execute arbitrary OS comma… | |||
| CVE-2015-4320 | medium | — | 4.0 | 11y ago | The Configuration Log File component in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, … | |||
| CVE-2015-4314 | medium | — | 4.0 | 11y ago | The System Snapshot feature in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 allows remote authenticated users to obtain sensitive password-hash information by reading the sna… | |||
| CVE-2015-5499 | medium | — | 4.0 | 11y ago | The Navigate module for Drupal does not properly check permissions, which allows remote authenticated users to modify custom widgets and create widget database records by leveraging the "navigate vie… | |||
| CVE-2015-5482 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in the GD bbPress Attachments plugin before 2.3 for WordPress allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the tab… | |||
| CVE-2015-3289 | medium | — | 4.0 | 11y ago | OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated users to cause a denial of service (disk consumption) by repeatedly using the import task flow API to create images and then deleti… | |||
| CVE-2015-1844 | medium | — | 4.0 | 11y ago | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restrictions by connecting through the REST API. | |||
| CVE-2015-5718 | medium | — | 4.0 | 11y ago | Stack-based buffer overflow in the handle_debug_network function in the manager in Websense Content Gateway before 8.0.0 HF02 allows remote administrators to cause a denial of service (crash) via a c… | |||
| CVE-2015-3187 | medium | — | 4.0 | 11y ago | The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive pa… | |||
| CVE-2015-5623 | medium | — | 4.0 | 11y ago | WordPress before 4.2.3 does not properly verify the edit_posts capability, which allows remote authenticated users to bypass intended access restrictions and create drafts by leveraging the Subscribe… | |||
| CVE-2015-4295 | medium | — | 4.0 | 11y ago | The Prime Collaboration Deployment component in Cisco Unified Communications Manager 10.5(3.10000.9) allows remote authenticated users to discover root credentials via a direct request to an unspecif… | |||
| CVE-2015-1488 | medium | — | 4.0 | 11y ago | An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to read arbitrary files via unknown v… | |||
| CVE-2015-1905 | medium | — | 4.0 | 11y ago | The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated us… | |||
| CVE-2015-5610 | medium | — | 4.0 | 11y ago | The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central before 9.5.1.4514 uses the same password decryption key across different customers' installations, which makes it easier for remote … | |||
| CVE-2015-1984 | medium | — | 4.0 | 11y ago | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to bypass intended access restrictions and read arbitrary pro… | |||
| CVE-2015-1982 | medium | — | 4.0 | 11y ago | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to obtain sensitive information via a crafted request, which … | |||
| CVE-2015-1883 | medium | — | 4.0 | 11y ago | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of … | |||
| CVE-2015-4773 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Hyperion Common Security component in Oracle Hyperion 11.1.2.2, 11.1.2.3, and 11.1.2.4 allows remote authenticated users to affect availability via unknown vectors re… | |||
| CVE-2015-4772 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | |||
| CVE-2015-4768 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote au… | |||
| CVE-2015-4756 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability … | |||
| CVE-2015-4752 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S. | |||
| CVE-2015-4746 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0.0.7, 6.1.0.3, 6.1.1.5, and 6.2.0.0 allows remote authenticat… | |||
| CVE-2015-4743 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to AD Util… | |||
| CVE-2015-4738 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate Gateway component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknow… | |||
| CVE-2015-4729 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. | |||
| CVE-2015-4728 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Sourcing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via unknow… | |||
| CVE-2015-2657 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confide… | |||
| CVE-2015-2650 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vector… | |||
| CVE-2015-2648 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2015-2643 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. |