CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4214 | medium | — | 4.0 | 11y ago | Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050. | |||
| CVE-2015-4213 | medium | — | 4.0 | 11y ago | Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated users to discover cleartext passwords by leveraging the existence of a decryption mechanism, aka Bug ID CSCuu84391. | |||
| CVE-2015-3231 | medium | — | 4.0 | 11y ago | The Render cache system in Drupal 7.x before 7.38, when used to cache content by user role, allows remote authenticated users to obtain private content viewed by user 1 by reading the cache. | |||
| CVE-2015-4195 | medium | — | 4.0 | 11y ago | Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a denial of service (vty error, and SSH and TELNET outage) via a crafted disconnect action within an SSH session, aka Bug ID CSCul6… | |||
| CVE-2015-4389 | medium | — | 4.0 | 11y ago | The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not properly check the create permission for content types created during import, which allows remote authenticated users to bypass i… | |||
| CVE-2015-0112 | medium | — | 4.0 | 11y ago | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1, 4.x before 4.0.7 IF5, and 5.x before 5.0.2 IF4; Rational Quality Manager (RQM) 2.0 through 2.0.1, 3… | |||
| CVE-2015-0760 | medium | — | 4.0 | 11y ago | The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCu… | |||
| CVE-2015-4162 | medium | — | 4.0 | 11y ago | XML external entity (XXE) vulnerability in the management interface in PAN-OS before 5.0.16, 6.x before 6.0.8, and 6.1.x before 6.1.4 allows remote authenticated administrators to obtain sensitive in… | |||
| CVE-2015-3181 | medium | — | 4.0 | 11y ago | Moodle allows attackers to bypass file-management restrictions | |||
| CVE-2015-3180 | medium | — | 4.0 | 11y ago | Moodle allows attackers to obtain sensitive course-structure information | |||
| CVE-2015-2272 | medium | — | 4.0 | 11y ago | Moodle allows attackers to bypass a forced-password-change requirement | |||
| CVE-2015-2271 | medium | — | 4.0 | 11y ago | Moodle does not consider the moodle/tag:flag capability | |||
| CVE-2015-2267 | medium | — | 4.0 | 11y ago | Moodle allows attackers to extract archives to arbitrary directories | |||
| CVE-2015-2266 | medium | — | 4.0 | 11y ago | Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information | |||
| CVE-2015-0215 | medium | — | 4.0 | 11y ago | Moodle allows attackers to obtain sensitive calendar-event information | |||
| CVE-2015-0214 | medium | — | 4.0 | 11y ago | Moodle allows attackers to bypass a messaging-disabled setting | |||
| CVE-2015-0211 | medium | — | 4.0 | 11y ago | Moodle allows attackers to obtain sensitive information | |||
| CVE-2015-0758 | medium | — | 4.0 | 11y ago | The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with a… | |||
| CVE-2015-3995 | medium | — | 4.0 | 11y ago | SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to read arbitrary files via an IMPORT FROM SQL statement, aka SAP Security Note 2109565. | |||
| CVE-2015-3994 | medium | — | 4.0 | 11y ago | The grant.xsfunc application in testApps/grantAccess/ in the XS Engine in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to spoof log entries via a crafted request, ak… | |||
| CVE-2015-1551 | medium | — | 4.0 | 11y ago | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors. | |||
| CVE-2015-2118 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Secure Pull Print and Security Pull Print components in HP Access Control (AC) Software 12.x through 14.x before 14.1.2 allows remote authenticated users to obtain se… | |||
| CVE-2015-0169 | medium | — | 4.0 | 11y ago | IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before 3.1.0.4, and 3.1.1 before 3.1.1.2 allows remote authenticated users to inject arguments via unspecified vectors. | |||
| CVE-2015-0189 | medium | — | 4.0 | 11y ago | The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 and 8.0 before 8.0.0.2 allows remote authenticated administrators to cause a denial of service (memory overwrite and daemon outag… | |||
| CVE-2015-0739 | medium | — | 4.0 | 11y ago | The Lights-Out Management (LOM) implementation in Cisco FireSIGHT System Software 5.3.0 on Sourcefire 3D Sensor devices allows remote authenticated users to perform arbitrary Baseboard Management Con… | |||
| CVE-2015-2346 | medium | — | 4.0 | 11y ago | XML external entity (XXE) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote authenticated users to read arbitrary files via the req parameter. | |||
| CVE-2015-3646 | medium | — | 4.0 | 11y ago | OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and othe… | |||
| CVE-2015-1907 | medium | — | 4.0 | 11y ago | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7 allows remote authenticated users to read cookies via unspecified vectors. | |||
| CVE-2015-0174 | medium | — | 4.0 | 11y ago | The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive informati… | |||
| CVE-2015-3404 | medium | — | 4.0 | 11y ago | The Certify module before 6.x-2.3 for Drupal does not properly perform node access checks, which allows remote authenticated users to bypass intended access restrictions and obtain sensitive PDF cert… | |||
| CVE-2015-3379 | medium | — | 4.0 | 11y ago | The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to the default views configurations, which allows remote authenticat… | |||
| CVE-2015-2573 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||
| CVE-2015-2571 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer. | |||
| CVE-2015-0508 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability … | |||
| CVE-2015-0503 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | |||
| CVE-2015-0500 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2015-0496 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via vectors relate… | |||
| CVE-2015-0487 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via vectors related to P… | |||
| CVE-2015-0483 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown … | |||
| CVE-2015-0479 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the XDK and XDB - XML Database component in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect availability via unknown v… | |||
| CVE-2015-0475 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the JD Edwards EnterpriseOne Technology component in Oracle JD Edwards Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors relate… | |||
| CVE-2015-0465 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authentic… | |||
| CVE-2015-0463 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated … | |||
| CVE-2015-0462 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authentic… | |||
| CVE-2015-0441 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Security … | |||
| CVE-2015-0439 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : InnoDB, a different vulnerability … | |||
| CVE-2015-0438 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. | |||
| CVE-2015-0433 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML. | |||
| CVE-2015-0423 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2015-0405 | medium | — | 4.0 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via unknown vectors related to XA. | |||
| CVE-2015-3293 | medium | — | 4.0 | 11y ago | FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the "diag debug application httpd" command. | |||
| CVE-2015-1099 | medium | — | 4.0 | 11y ago | Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to cause a denial of service via a… | |||
| CVE-2015-3030 | medium | — | 4.0 | 11y ago | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote authenticated users to obtain sensitive configuration information via unspecified vectors. | |||
| CVE-2015-3029 | medium | — | 4.0 | 11y ago | The web interface in McAfee Advanced Threat Defense (MATD) before 3.4.4.63 does not properly restrict access, which allows remote authenticated users to obtain sensitive information via unspecified v… | |||
| CVE-2015-0251 | medium | — | 4.0 | 11y ago | The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences. | |||
| CVE-2015-0994 | medium | — | 4.0 | 11y ago | Inductive Automation Ignition 7.7.2 allows remote authenticated users to bypass a brute-force protection mechanism by using different session ID values in a series of HTTP requests. | |||
| CVE-2015-0683 | medium | — | 4.0 | 11y ago | Cisco Unified Communications Domain Manager 8.1(4) allows remote authenticated users to obtain sensitive information via a file-inclusion attack, aka Bug ID CSCup94744. | |||
| CVE-2015-2684 | medium | — | 4.0 | 11y ago | Shibboleth Service Provider (SP) before 2.5.4 allows remote authenticated users to cause a denial of service (crash) via a crafted SAML message. | |||
| CVE-2015-0680 | medium | — | 4.0 | 11y ago | Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly restrict resource requests, which allows remote authenticated users to read arbitrary files via unspecified vectors, aka Bug ID CSCuq4… | |||
| CVE-2015-2757 | medium | — | 4.0 | 11y ago | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3 Patch 4 Hotfix 16 (9.3.416.4) allows remote authenticated users to cause a denial of service (database lock or license corr… | |||
| CVE-2015-0673 | medium | — | 4.0 | 11y ago | Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote authenticated users to discover the passwords of arbitrary users by (1) reading log files or (2) using an unspecified GUI feature, aka Bu… | |||
| CVE-2015-0271 | medium | — | 4.0 | 11y ago | The log-viewing function in the Red Hat redhat-access-plugin before 6.0.3 for OpenStack Dashboard (horizon) allows remote attackers to read arbitrary files via a crafted path. | |||
| CVE-2015-0661 | medium | — | 4.0 | 11y ago | The SNMPv2 implementation in Cisco IOS XR allows remote authenticated users to cause a denial of service (snmpd daemon reload) via a malformed SNMP packet, aka Bug ID CSCur25858. | |||
| CVE-2015-0620 | medium | — | 4.0 | 11y ago | The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via P… | |||
| CVE-2015-1618 | medium | — | 4.0 | 11y ago | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | |||
| CVE-2015-1613 | medium | — | 4.0 | 11y ago | RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. | |||
| CVE-2015-0260 | medium | — | 4.0 | 11y ago | RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated users to obtain API keys and other sensitive information via the get_repo API method. | |||
| CVE-2015-1608 | medium | — | 4.0 | 11y ago | Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive crede… | |||
| CVE-2015-0517 | medium | — | 4.0 | 12y ago | The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log files, which allows remote authenticat… | |||
| CVE-2015-1456 | medium | — | 4.0 | 12y ago | Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/. | |||
| CVE-2015-0432 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. | |||
| CVE-2015-0422 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated us… | |||
| CVE-2015-0417 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal F… | |||
| CVE-2015-0415 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Ses… | |||
| CVE-2015-0409 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | |||
| CVE-2015-0401 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown ve… | |||
| CVE-2015-0399 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidential… | |||
| CVE-2015-0398 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinica… | |||
| CVE-2015-0394 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vector… | |||
| CVE-2015-0391 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | |||
| CVE-2015-0388 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal F… | |||
| CVE-2015-0387 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Sec… | |||
| CVE-2015-0363 | medium | — | 4.0 | 12y ago | Unspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Bus… | |||
| CVE-2015-7755 | unknown | — | 2.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |||
| CVE-2015-2291 | unknown | — | 2.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |||
| CVE-2015-4495 | unknown | — | 2.5 | 4y ago | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |||
| CVE-2015-0016 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |||
| CVE-2015-1427 | unknown | — | 2.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |||
| CVE-2015-3113 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0311 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-5122 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-0313 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-2426 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |||
| CVE-2015-2419 | unknown | — | 2.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-3035 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||
| CVE-2015-1187 | unknown | — | 2.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. | |||
| CVE-2015-5119 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-7645 | unknown | — | 2.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2015-1701 | unknown | — | 2.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |||
| CVE-2015-3043 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. |