CVEs from 2015
- Total: 7,261
- Critical: 1,307
- High: 1,666
- Medium: 3,616
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1138 | medium | — | 4.9 | 11y ago | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecified vectors. | |||
| CVE-2015-2756 | medium | — | 4.9 | 11y ago | QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict access to PCI command registers, which might allow local HVM guest users to cause a denial of service (non-maskable interrupt and … | |||
| CVE-2015-2752 | medium | — | 4.9 | 11y ago | The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, when using a PCI passthrough device, is not preemptible, which allows local x86 HVM domain users to cause a denial of service (host… | |||
| CVE-2015-0199 | medium | — | 4.9 | 11y ago | The mmfslinux kernel module in IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 before 3.5.0.24, and 4.1 before 4.1.0.7 allows local users to cause a denial of service (memory corrupt… | |||
| CVE-2015-2150 | medium | — | 4.9 | 11y ago | Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest OS users to cause a denial of service (non-maskable… | |||
| CVE-2015-0268 | medium | — | 4.9 | 12y ago | The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when running on ARM hardware with general interrupt controller (GIC) version 2, allows local guest users to cause a denial of service (… | |||
| CVE-2015-0606 | medium | — | 4.9 | 12y ago | The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. | |||
| CVE-2015-1377 | medium | — | 4.9 | 12y ago | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||
| CVE-2015-1457 | medium | — | 4.9 | 12y ago | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the dig command. | |||
| CVE-2015-0428 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. | |||
| CVE-2015-0371 | medium | — | 4.9 | 12y ago | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via u… | |||
| CVE-2015-2148 | medium | 4.8 | 4.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters. | |||
| CVE-2015-2144 | medium | 4.8 | 4.8 | 9y ago | Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) project name paramet… | |||
| CVE-2015-9230 | medium | 4.8 | 4.8 | 9y ago | In the admin/db-backup-security/db-backup-security.php page in the BulletProof Security plugin before .52.5 for WordPress, XSS is possible for remote authenticated administrators via the DBTablePrefi… | |||
| CVE-2015-9229 | medium | 4.8 | 4.8 | 9y ago | In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery plugin 2.1.15 for WordPress, XSS is possible for remote authenticated administrators via the images[1][alttext] parameter. | |||
| CVE-2015-3161 | medium | 4.8 | 4.8 | 9y ago | The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape </script> tags in string literals when producing JSON. | |||
| CVE-2015-8140 | medium | 4.8 | 4.8 | 10y ago | The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to conduct replay attacks by sniffing the network. | |||
| CVE-2015-6295 | medium | — | 4.8 | 11y ago | Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices allows remote attackers to cause a denial of service (CPU consumption or control-plane instability) or trigger unintended traffic f… | |||
| CVE-2015-3774 | medium | — | 4.8 | 11y ago | The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, which allows man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modif… | |||
| CVE-2015-5521 | medium | 4.8 | 4.8 | 11y ago | Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the name in a new group to backend/groups/index.php. | |||
| CVE-2015-3728 | medium | — | 4.8 | 11y ago | The WiFi Connectivity feature in Apple iOS before 8.4 allows remote Wi-Fi access points to trigger an automatic association, with an arbitrary security type, by operating with a recognized ESSID with… | |||
| CVE-2015-0296 | medium | 4.7 | 4.7 | 9y ago | The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged in Fedora 21 and rpm, and texlive 6.20131226_r32488.fc20 and rpm allows local users to delete arbitrary files via a crafted file… | |||
| CVE-2015-3248 | medium | 4.7 | 4.7 | 9y ago | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hostin… | |||
| CVE-2015-7553 | medium | 4.7 | 4.7 | 9y ago | Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt and Red Hat Enterprise MRG 2, when the nfnetlink_log module is loaded, allows local users to cause a denial of service (panic) by… | |||
| CVE-2015-2687 | medium | 4.7 | 4.7 | 9y ago | OpenStack Compute (nova) Icehouse, Juno and Havana when live migration fails allows local users to access VM volumes that they would normally not have permissions for. | |||
| CVE-2015-3142 | medium | 4.7 | 4.7 | 9y ago | The kernel-invoked coredump processor in Automatic Bug Reporting Tool (ABRT) does not properly check the ownership of files before writing core dumps to them, which allows local users to obtain sensi… | |||
| CVE-2015-7493 | medium | 4.7 | 4.7 | 10y ago | IBM InfoSphere Information Server could allow a local user under special circumstances to execute commands during installation processes that could expose sensitive information. | |||
| CVE-2015-4170 | medium | 4.7 | 4.7 | 10y ago | Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_do… | |||
| CVE-2015-7328 | medium | 4.7 | 4.7 | 11y ago | Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and 2015.2.x before 2015.2.3 uses world-readable permissions for the private key of the Certification Authority (CA) certificate during th… | |||
| CVE-2015-8508 | medium | 4.7 | 4.7 | 11y ago | Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot conf… | |||
| CVE-2015-7438 | medium | 4.7 | 4.7 | 11y ago | IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive cleartext web-services information by leveraging database access. | |||
| CVE-2015-8340 | medium | — | 4.7 | 11y ago | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly release locks, which might allow guest OS administrators to cause a denial of service (deadlock or host cr… | |||
| CVE-2015-8339 | medium | — | 4.7 | 11y ago | The memory_exchange function in common/memory.c in Xen 3.2.x through 4.6.x does not properly hand back pages to a domain, which might allow guest OS administrators to cause a denial of service (host … | |||
| CVE-2015-7814 | medium | — | 4.7 | 11y ago | Race condition in the relinquish_memory function in arch/arm/domain.c in Xen 4.6.x and earlier allows local domains with partial management control to cause a denial of service (host crash) via vecto… | |||
| CVE-2015-5283 | medium | — | 4.7 | 11y ago | The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic… | |||
| CVE-2015-5914 | medium | — | 4.7 | 11y ago | The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted cod… | |||
| CVE-2015-2453 | medium | — | 4.7 | 11y ago | The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT… | |||
| CVE-2015-4167 | medium | — | 4.7 | 11y ago | The udf_read_inode function in fs/udf/inode.c in the Linux kernel before 3.19.1 does not validate certain length values, which allows local users to cause a denial of service (incorrect data represen… | |||
| CVE-2015-0011 | medium | — | 4.7 | 12y ago | mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windo… | |||
| CVE-2015-6839 | medium | 4.6 | 4.6 | 9y ago | The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted R… | |||
| CVE-2015-7846 | medium | 4.6 | 4.6 | 9y ago | Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information. | |||
| CVE-2015-8324 | medium | 4.6 | 4.6 | 10y ago | The ext4 implementation in the Linux kernel before 2.6.34 does not properly track the initialization of certain data structures, which allows physically proximate attackers to cause a denial of servi… | |||
| CVE-2015-8512 | medium | 4.6 | 4.6 | 11y ago | The lockscreen feature in Mozilla Firefox OS before 2.5 does not properly restrict failed authentication attempts, which makes it easier for physically proximate attackers to obtain access by enterin… | |||
| CVE-2015-7062 | medium | — | 4.6 | 11y ago | Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to bypass intended configuration-profile installation restrictions via unspecified vectors. | |||
| CVE-2015-7057 | medium | — | 4.6 | 11y ago | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7049. | |||
| CVE-2015-7049 | medium | — | 4.6 | 11y ago | otools in Apple Xcode before 7.2 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted mach-o file, a different vulnerability than CVE-2015-7057. | |||
| CVE-2015-1342 | medium | — | 4.6 | 11y ago | LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain privileges by (1) querying or (2) updating a cgroup. | |||
| CVE-2015-0856 | medium | — | 4.6 | 11y ago | daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the KDE crash handler, which allows local users to gain privileges by crashing a greeter when using certain themes, as demonstrated … | |||
| CVE-2015-8222 | medium | — | 4.6 | 11y ago | The lxd-unix.socket systemd unit file in the Ubuntu lxd package before 0.20-0ubuntu4.1 uses world-readable permissions for /var/lib/lxd/unix.socket, which allows local users to gain privileges via un… | |||
| CVE-2015-4625 | medium | — | 4.6 | 11y ago | Integer overflow in the authentication_agent_new_cookie function in PolicyKit (aka polkit) before 0.113 allows local users to gain privileges by creating a large number of connections, which triggers… | |||
| CVE-2015-3256 | medium | — | 4.6 | 11y ago | PolicyKit (aka polkit) before 0.113 allows local users to cause a denial of service (memory corruption and polkitd daemon crash) and possibly gain privileges via unspecified vectors, related to "java… | |||
| CVE-2015-3255 | medium | — | 4.6 | 11y ago | The polkit_backend_action_pool_init function in polkitbackend/polkitbackendactionpool.c in PolicyKit (aka polkit) before 0.113 might allow local users to gain privileges via duplicate action IDs in a… | |||
| CVE-2015-4907 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnera… | |||
| CVE-2015-4891 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to NSCD. | |||
| CVE-2015-4879 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, and 5.6.25 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors relat… | |||
| CVE-2015-5707 | medium | — | 4.6 | 11y ago | Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-1810 | medium | — | 4.6 | 11y ago | Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation | |||
| CVE-2015-6333 | medium | — | 4.6 | 11y ago | Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076. | |||
| CVE-2015-5897 | medium | — | 4.6 | 11y ago | The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework. | |||
| CVE-2015-5442 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in HP Software Update before 5.005.002.002 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-5426 | medium | — | 4.6 | 11y ago | Unspecified vulnerability in HP LoadRunner Controller before 12.50 allows local users to gain privileges via unknown vectors, aka ZDI-CAN-2756. | |||
| CVE-2015-6745 | medium | — | 4.6 | 11y ago | Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to enforce account locking, which allows local users to bypass that security mechanism by deleting the entry from the locking table. NO… | |||
| CVE-2015-5706 | medium | — | 4.6 | 11y ago | Use-after-free vulnerability in the path_openat function in fs/namei.c in the Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-3759 | medium | — | 4.6 | 11y ago | Location Framework in Apple iOS before 8.4.1 allows local users to bypass intended restrictions on filesystem modification via a symlink. | |||
| CVE-2015-4482 | medium | — | 4.6 | 11y ago | mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name o… | |||
| CVE-2015-3286 | medium | — | 4.6 | 11y ago | Buffer overflow in the Solaris kernel extension in OpenAFS before 1.6.13 allows local users to cause a denial of service (panic or deadlock) or possibly have other unspecified impact via a large grou… | |||
| CVE-2015-1334 | medium | — | 4.6 | 11y ago | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local container users to escape AppArmor or SELinux confinement by mounting a proc filesystem with a crafted (1… | |||
| CVE-2015-3957 | medium | — | 4.6 | 11y ago | Hospira LifeCare PCA Infusion System before 7.0 stores private keys and certificates, which has unspecified impact and attack vectors. | |||
| CVE-2015-4237 | medium | — | 4.6 | 11y ago | The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted cha… | |||
| CVE-2015-4232 | medium | — | 4.6 | 11y ago | Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users to execute arbitrary OS commands by entering crafted tar parameters in the CLI, aka Bug ID CSCus44856. | |||
| CVE-2015-3726 | medium | — | 4.6 | 11y ago | The Telephony subsystem in Apple iOS before 8.4 allows physically proximate attackers to execute arbitrary code via a crafted (1) SIM or (2) UIM card. | |||
| CVE-2015-1950 | medium | — | 4.6 | 11y ago | IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to the Python interpreter with nova credentials, which allows KVM guest OS users to discover certain Po… | |||
| CVE-2015-1959 | medium | — | 4.6 | 11y ago | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 does not properly restrict encrypted f… | |||
| CVE-2015-3318 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-3317 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-3316 | medium | — | 4.6 | 11y ago | CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2; CA NSM Job Management Option r11.0, r11.1, and r11.2; CA U… | |||
| CVE-2015-4106 | medium | — | 4.6 | 11y ago | QEMU does not properly restrict write access to the PCI config space for certain PCI pass-through devices, which might allow local x86 HVM guests to gain privileges, cause a denial of service (host c… | |||
| CVE-2015-1322 | medium | — | 4.6 | 11y ago | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.9.10.0-4ubuntu15.1, Ubuntu 14.10 before 0.9.8.8-0ubuntu28.1, and Ubuntu 14.04 LTS before 0.9.8.8-0u… | |||
| CVE-2015-2042 | medium | — | 4.6 | 11y ago | net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly hav… | |||
| CVE-2015-2041 | medium | — | 4.6 | 11y ago | net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or poss… | |||
| CVE-2015-1572 | medium | — | 4.6 | 11y ago | Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code by causing a crafted block group descriptor to be marked as d… | |||
| CVE-2015-0247 | medium | — | 4.6 | 12y ago | Heap-based buffer overflow in openfs.c in the libext2fs library in e2fsprogs before 1.42.12 allows local users to execute arbitrary code via crafted block group descriptor data in a filesystem image. | |||
| CVE-2015-0603 | medium | — | 4.6 | 12y ago | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use weak permissions for unspecified files, which allows local users to cause a denial of service (persistent hang or reboot) by writing… | |||
| CVE-2015-0601 | medium | — | 4.6 | 12y ago | Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow local users to cause a denial of service (device reload) via crafted commands, aka Bug ID CSCup92790. | |||
| CVE-2015-0392 | medium | — | 4.6 | 12y ago | Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availa… | |||
| CVE-2015-7418 | medium | 4.4 | 4.4 | 10y ago | IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance allow some sensitive data to linger in memory instead of being overwritten which could allow a local user with administrator pri… | |||
| CVE-2015-7462 | medium | 4.4 | 4.4 | 10y ago | IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to discover cleartext certificate-keystore passwords within MQ trace output by leveraging administrator privileges to execute the mqcert… | |||
| CVE-2015-5208 | medium | 4.4 | 4.4 | 10y ago | Apache Cordova iOS before 4.0.0 allows remote attackers to execute arbitrary plugins via a link. | |||
| CVE-2015-8552 | medium | 4.4 | 4.4 | 10y ago | The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messag… | |||
| CVE-2015-2008 | medium | 4.4 | 4.4 | 11y ago | IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x before 7.2.6 includes SSH private keys during backup operations, which allows remote authenticated administrators to obtain sensitive … | |||
| CVE-2015-7509 | medium | 4.4 | 4.4 | 11y ago | fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a crafted no-journal filesystem, a related issue to CVE-2013-2015. | |||
| CVE-2015-7312 | medium | — | 4.4 | 11y ago | Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-aft… | |||
| CVE-2015-2642 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gzip. | |||
| CVE-2015-2132 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in the execve system-call implementation in HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain privileges via unknown vectors. | |||
| CVE-2015-1946 | medium | — | 4.4 | 11y ago | IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 before 7.0.0.6 for WebSphere Application Server (WAS) 7.0 and 8.0, does not properly implement user rol… | |||
| CVE-2015-3716 | medium | — | 4.4 | 11y ago | Spotlight in Apple OS X before 10.10.4 allows attackers to execute arbitrary commands via a crafted name of a photo file within the local photo library. | |||
| CVE-2015-2720 | medium | — | 4.4 | 11y ago | The update implementation in Mozilla Firefox before 38.0 on Windows does not ensure that the pathname for updater.exe corresponds to the application directory, which might allow local users to gain p… | |||
| CVE-2015-0471 | medium | — | 4.4 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. | |||
| CVE-2015-1115 | medium | — | 4.4 | 11y ago | The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mechanism and access unintended telephone capabilities via a crafted app. | |||
| CVE-2015-0990 | medium | — | 4.4 | 11y ago | Untrusted search path vulnerability in Ecava IntegraXor SCADA Server before 4.2.4488 allows local users to gain privileges via a renamed DLL in the default install directory. |