CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3239 | low | — | 3.3 | 11y ago | Off-by-one error in the dwarf_to_unw_regnum function in include/dwarf_i.h in libunwind 1.1 allows local users to have unspecified impact via invalid dwarf opcodes. | |||
| CVE-2015-3787 | low | — | 3.3 | 11y ago | The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote attackers to cause a denial of service via malformed Bluetooth ACL packets. | |||
| CVE-2015-3778 | low | — | 3.3 | 11y ago | bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 n… | |||
| CVE-2015-5961 | low | — | 3.3 | 11y ago | The COPPA error page in the Accounts setup dialog in Mozilla Firefox OS before 2.2 embeds content from an external web server URL into the System process, which allows man-in-the-middle attackers to … | |||
| CVE-2015-4788 | low | — | 3.3 | 11y ago | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown … | |||
| CVE-2015-4779 | low | — | 3.3 | 11y ago | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown … | |||
| CVE-2015-4774 | low | — | 3.3 | 11y ago | Unspecified vulnerability in the Data Store component in Oracle Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35 allows local users to affect integrity and availability via unknown … | |||
| CVE-2015-2374 | low | — | 3.3 | 11y ago | The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Server 2008 SP2 and R2 SP1, and Windows Server 2012 Gold and R2 does not properly implement domain-controller communicati… | |||
| CVE-2015-4033 | low | — | 3.3 | 11y ago | Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. | |||
| CVE-2015-2922 | low | — | 3.3 | 11y ago | The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigu… | |||
| CVE-2015-0453 | low | — | 3.3 | 11y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTA… | |||
| CVE-2015-0998 | low | — | 3.3 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 transmit cleartext credentials, which allows remote attackers to obtain s… | |||
| CVE-2015-1044 | low | — | 3.3 | 12y ago | vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of se… | |||
| CVE-2015-1043 | low | — | 3.3 | 12y ago | The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware Fusion 6.x before 6.0.5 and 7.x before 7.0.1 allows guest OS users to cause a gu… | |||
| CVE-2015-0429 | low | — | 3.3 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility. | |||
| CVE-2015-5011 | low | — | 3.2 | 11y ago | IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 before 9.0.0.4 do not check authorization for MQSISTARTMSGFLOW and MQSISTOPMSGFLOW commands, which allows local users to bypass int… | |||
| CVE-2015-0427 | low | — | 3.2 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSV… | |||
| CVE-2015-5070 | low | 3.1 | 3.1 | 9y ago | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insens… | |||
| CVE-2015-7561 | low | 3.1 | 3.1 | 9y ago | Kubernetes in OpenShift3 Access Control Misconfiguration in k8s.io/kubernetes | |||
| CVE-2015-4078 | low | 3.1 | 3.1 | 9y ago | Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data v… | |||
| CVE-2015-7490 | low | 3.1 | 3.1 | 10y ago | IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, 9.1 through 9.1.2.0, 11.3 through 11.3.1.2, and 11.5 allows remote authenticated users to bypass intended access restrictions via a… | |||
| CVE-2015-7455 | low | 3.1 | 3.1 | 10y ago | IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF20, and 8.5.x before 8.5.0.0 CF09 uses weak permissions for content items, which allows remote authenticated users to make modifi… | |||
| CVE-2015-7466 | low | 3.1 | 3.1 | 11y ago | Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass int… | |||
| CVE-2015-8481 | low | 3.1 | 3.1 | 11y ago | Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA Service Desk 3.0.3 installer attaches the wrong image to e-mail notifications when a user views an issue with inline wiki markup r… | |||
| CVE-2015-6641 | low | 3.1 | 3.1 | 11y ago | Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | |||
| CVE-2015-6102 | low | — | 3.1 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-4077 | low | — | 3.1 | 11y ago | The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) mdare64_52.sys drivers in Fortinet FortiClient before 5.2.4 allow local users to read arbitrary kernel memory via a 0x22608C io… | |||
| CVE-2015-2433 | low | — | 3.1 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows l… | |||
| CVE-2015-3245 | low | — | 3.1 | 11y ago | Incomplete blacklist vulnerability in the chfn function in libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, allows local users to cause a de… | |||
| CVE-2015-1680 | low | — | 3.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-1679 | low | — | 3.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-1678 | low | — | 3.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-1677 | low | — | 3.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-1676 | low | — | 3.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-8801 | low | 2.9 | 2.9 | 10y ago | Race condition in the client in Symantec Endpoint Protection (SEP) 12.1 before RU6 MP5 allows local users to bypass intended restrictions on USB file transfer by conducting filesystem operations befo… | |||
| CVE-2015-4640 | low | — | 2.9 | 11y ago | The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attack… | |||
| CVE-2015-3340 | low | — | 2.9 | 11y ago | Xen 4.2.x through 4.5.x does not initialize certain fields, which allows certain remote service domains to obtain sensitive information from memory via a (1) XEN_DOMCTL_gettscinfo or (2) XEN_SYSCTL_g… | |||
| CVE-2015-0010 | low | — | 2.9 | 12y ago | The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 an… | |||
| CVE-2015-7494 | low | 2.8 | 2.8 | 9y ago | A vulnerability has been identified in IBM Cloud Orchestrator services/[action]/launch API. An authenticated domain admin user might modify cross domain resources via a /services/[action]/launch API … | |||
| CVE-2015-4836 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, and 5.6.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |||
| CVE-2015-2566 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier allows remote authenticated users to affect availability via vectors related to DML. | |||
| CVE-2015-0511 | low | — | 2.8 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : SP. | |||
| CVE-2015-2115 | low | — | 2.7 | 11y ago | Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows remote authenticated users to obtain sensitive information … | |||
| CVE-2015-4961 | low | 2.6 | 2.6 | 10y ago | IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A b… | |||
| CVE-2015-4926 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX. | |||
| CVE-2015-8577 | low | — | 2.6 | 11y ago | The Buffer Overflow Protection (BOP) feature in McAfee VirusScan Enterprise before 8.8 Patch 6 allocates memory with Read, Write, Execute (RWX) permissions at predictable addresses on 32-bit platform… | |||
| CVE-2015-7094 | low | — | 2.6 | 11y ago | CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 allows man-in-the-middle attackers to bypass the HSTS protection mechanism via a crafted URL. | |||
| CVE-2015-7046 | low | — | 2.6 | 11y ago | The Sandbox feature in xnu in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 does not properly implement privilege separation, which allows attackers to bypass the… | |||
| CVE-2015-6627 | low | — | 2.6 | 11y ago | The Audio component in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to obtain sensitive information via a crafted audio file, as demonstrated by obtaining Signature o… | |||
| CVE-2015-5281 | low | — | 2.6 | 11y ago | The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) 7, when used on UEFI systems, allows local users to bypass intended Secure Boot restrictions and execute non-verified code via a … | |||
| CVE-2015-8035 | low | — | 2.6 | 11y ago | The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly detect compression errors, which allows context-dependent attackers to cause a denial of service (process hang) via crafted XML da… | |||
| CVE-2015-8233 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject … | |||
| CVE-2015-7412 | low | — | 2.6 | 11y ago | The GatewayScript modules on IBM DataPower Gateways with software 7.2.0.x before 7.2.0.1, when the GatewayScript decryption API or a JWE decrypt action is enabled, do not require signed ciphertext da… | |||
| CVE-2015-5667 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module before 0.15 for Perl, when the comment feature is enabled, allows remote attackers to inject arbitrary web script or HTML via a cr… | |||
| CVE-2015-4456 | low | — | 2.6 | 11y ago | ownCloud Desktop Client before 1.8.2 does not call QNetworkReply::ignoreSslErrors with the list of errors to be ignored, which allows man-in-the-middle attackers to bypass the user's certificate dist… | |||
| CVE-2015-4812 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | |||
| CVE-2015-4508 | low | — | 2.6 | 11y ago | Mozilla Firefox before 41.0, when reader mode is enabled, allows remote attackers to spoof the relationship between address-bar URLs and web content via a crafted web site. | |||
| CVE-2015-7304 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | |||
| CVE-2015-5907 | low | — | 2.6 | 11y ago | WebKit in Apple iOS before 9 allows man-in-the-middle attackers to conduct redirection attacks by leveraging the mishandling of the resource cache of an SSL web site with an invalid X.509 certificate. | |||
| CVE-2015-7232 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF Ontology module is enabled, allows remote attackers to i… | |||
| CVE-2015-6921 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inje… | |||
| CVE-2015-2987 | low | — | 2.6 | 11y ago | Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, which makes it easier for attackers to obtain plaintext data via differential cryptanalysis of a file with an original length smal… | |||
| CVE-2015-5514 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary w… | |||
| CVE-2015-2476 | low | — | 2.6 | 11y ago | The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 supports SSL … | |||
| CVE-2015-4744 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, … | |||
| CVE-2015-2627 | low | — | 2.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to installation. | |||
| CVE-2015-2625 | low | — | 2.6 | 11y ago | Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; JRockit R28.3.6; and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality via vectors related to JSSE. | |||
| CVE-2015-4388 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the Current Search Links module 7.x-1.x before 7.x-1.1 for Drupal, when the "Append the keywords passed by the user to the list" option is disabled, allows… | |||
| CVE-2015-4387 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in unspecified administration pages in the Password Policy module 6.x-1.x before 6.x-1.11 and 7.x-1.x before 7.x-1.11 for Drupal, when a site has a policy tha… | |||
| CVE-2015-4346 | low | — | 2.6 | 11y ago | Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the "Send to phone" submodule is enabled, allows remote attackers to inject arbitrary web … | |||
| CVE-2015-4171 | low | — | 2.6 | 11y ago | strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client before 1.4.6, when using EAP or pre-shared keys for authenticating an IKEv2 connection, does not enforce server authentication rest… | |||
| CVE-2015-3455 | low | — | 2.6 | 11y ago | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.50… | |||
| CVE-2015-0504 | low | — | 2.6 | 11y ago | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Er… | |||
| CVE-2015-1648 | low | — | 2.6 | 11y ago | ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the customErrors configuration is disabled, allows remote attackers to obtain sensitive configuration-… | |||
| CVE-2015-1787 | low | — | 2.6 | 11y ago | The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client authentication and an ephemeral Diffie-Hellman ciphersuite are enabled, allows remote attackers to c… | |||
| CVE-2015-0820 | low | — | 2.6 | 11y ago | Mozilla Firefox before 36.0 does not properly restrict transitions of JavaScript objects from a non-extensible state to an extensible state, which allows remote attackers to bypass a Caja Compiler sa… | |||
| CVE-2015-2047 | low | — | 2.6 | 11y ago | The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39, and 4.6.0 through 4.6.18, when configured for the frontend, allows remote attackers to bypass authenti… | |||
| CVE-2015-7755 | unknown | — | 2.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |||
| CVE-2015-2291 | unknown | — | 2.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |||
| CVE-2015-4495 | unknown | — | 2.5 | 4y ago | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |||
| CVE-2015-0016 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |||
| CVE-2015-1427 | unknown | — | 2.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |||
| CVE-2015-5122 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-3113 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0313 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0311 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-2426 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |||
| CVE-2015-2419 | unknown | — | 2.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-1187 | unknown | — | 2.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. | |||
| CVE-2015-3035 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||
| CVE-2015-1701 | unknown | — | 2.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |||
| CVE-2015-7645 | unknown | — | 2.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2015-5119 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-3043 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-1635 | unknown | — | 2.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |||
| CVE-2015-2051 | unknown | — | 2.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||
| CVE-2015-1130 | unknown | — | 2.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |||
| CVE-2015-7450 | unknown | — | 2.5 | 4y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | |||
| CVE-2015-4852 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution. | |||
| CVE-2015-7473 | low | 2.5 | 2.5 | 10y ago | runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to bypass intended queue-manager command access restrictions by leveraging authority for +connect and +dsp. |