ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2015-1000 | Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SSt... | | |
CVE-2015-1001 | Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow... | | |
CVE-2015-1002 | IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL encoding, which allows remote a... | | |
CVE-2015-1003 | Directory traversal vulnerability in IniNet embeddedWebServer (aka eWebServer) before 2.02 allows re... | | |
CVE-2015-1004 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1005 | IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE uses cleartext for password sto... | | |
CVE-2015-1006 | A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic v... | M | |
CVE-2015-1007 | A specially crafted configuration file could be used to cause a stack-based buffer overflow conditio... | | |
CVE-2015-1008 | SQL injection vulnerability in Emerson AMS Device Manager before 13 allows remote authenticated user... | | |
CVE-2015-1009 | Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition... | | |
CVE-2015-1010 | Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does not properly encrypt credential... | | |
CVE-2015-1011 | Hospira LifeCare PCA Infusion System before 7.0 has hardcoded credentials, which makes it easier for... | | |
CVE-2015-1012 | Wireless keys are stored in plain text on version 5 of the Hospira LifeCare PCA Infusion System. Acc... | M | |
CVE-2015-1013 | OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure that the PI SQL (AF) Trusted User... | | |
CVE-2015-1014 | A successful exploit of these vulnerabilities requires the local user to load a crafted DLL file in ... | M | |
CVE-2015-1015 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 ... | | |
CVE-2015-1026 | Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ManageEngine ADManager Plus before 6.2 B... | E | |
CVE-2015-1027 | The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vul... | E M | |
CVE-2015-1028 | Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2730B router (rev C1) with firmwar... | E | |
CVE-2015-1029 | The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x before 4.5.1 for Puppet 2.8.8 a... | | |
CVE-2015-1030 | Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote ... | S | |
CVE-2015-1031 | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unsp... | S | |
CVE-2015-1032 | Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remot... | E | |
CVE-2015-1038 | p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.... | E | |
CVE-2015-1039 | Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allo... | E | |
CVE-2015-1040 | Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 al... | E | |
CVE-2015-1041 | Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote a... | E M | |
CVE-2015-1042 | The string_sanitize_url function in core/string_api.php in MantisBT 1.2.0a3 through 1.2.18 uses an i... | E | |
CVE-2015-1043 | The Host Guest File System (HGFS) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before... | S | |
CVE-2015-1044 | vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player... | S | |
CVE-2015-1045 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1046 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1047 | vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attacke... | S | |
CVE-2015-1048 | Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with... | | |
CVE-2015-1049 | The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attack... | | |
CVE-2015-1050 | Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6... | E | |
CVE-2015-1051 | Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 fo... | S | |
CVE-2015-1052 | Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT 1.6.6 (Build 160014) allows r... | E | |
CVE-2015-1053 | Cross-site scripting (XSS) vulnerability in the administrative backend in Croogo before 2.2.1 allows... | E S | |
CVE-2015-1054 | Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authe... | E | |
CVE-2015-1055 | SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers ... | E | |
CVE-2015-1056 | Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW printer with firmware before L allow... | E | |
CVE-2015-1057 | Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers t... | E | |
CVE-2015-1058 | Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inje... | E | |
CVE-2015-1059 | Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authentica... | E | |
CVE-2015-1060 | Open redirect vulnerability in lib/Cake/Controller/Controller.php in AdaptCMS 3.0.3 allows remote at... | E | |
CVE-2015-1061 | IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attack... | | |
CVE-2015-1062 | MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 does not delete invalid disk-im... | | |
CVE-2015-1063 | CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause a denial of service (NULL poi... | | |
CVE-2015-1064 | Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended acti... | | |
CVE-2015-1065 | Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 and Apple OS X through 10.10.2 ... | | |
CVE-2015-1066 | Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute ar... | | |
CVE-2015-1067 | Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 does n... | E | |
CVE-2015-1068 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1069 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1070 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1071 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1072 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1073 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1074 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1075 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1076 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | | |
CVE-2015-1077 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1078 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1079 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1080 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1081 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1082 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1083 | WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote ... | S | |
CVE-2015-1084 | The user interface in WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before... | | |
CVE-2015-1085 | AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation int... | | |
CVE-2015-1086 | The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV before 7.2 does not properly valida... | | |
CVE-2015-1087 | Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitra... | | |
CVE-2015-1088 | CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly validate URLs, which a... | | |
CVE-2015-1089 | CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not properly handle cookies dur... | | |
CVE-2015-1090 | CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict Transport Security (HSTS) state inform... | | |
CVE-2015-1091 | The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not prope... | | |
CVE-2015-1092 | NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to... | | |
CVE-2015-1093 | FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute ... | | |
CVE-2015-1094 | IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensi... | | |
CVE-2015-1095 | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows physi... | | |
CVE-2015-1096 | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attac... | | |
CVE-2015-1097 | IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensi... | | |
CVE-2015-1098 | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbit... | | |
CVE-2015-1099 | Race condition in the setreuid system-call implementation in the kernel in Apple iOS before 8.3, App... | | |
CVE-2015-1100 | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attack... | E | |
CVE-2015-1101 | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attack... | | |
CVE-2015-1102 | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not prop... | | |
CVE-2015-1103 | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing... | | |
CVE-2015-1104 | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not prop... | | |
CVE-2015-1105 | The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple T... | | |
CVE-2015-1106 | The QuickType feature in the Keyboards subsystem in Apple iOS before 8.3 allows physically proximate... | | |
CVE-2015-1107 | The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature fo... | | |
CVE-2015-1108 | The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect p... | | |
CVE-2015-1109 | NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes i... | | |
CVE-2015-1110 | The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 allows remote attackers to di... | | |
CVE-2015-1111 | Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-cl... | | |
CVE-2015-1112 | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as used on iOS before 8.3 and oth... | | |
CVE-2015-1113 | The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone nu... | | |
CVE-2015-1114 | The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to d... | | |
CVE-2015-1115 | The Telephony component in Apple iOS before 8.3 allows attackers to bypass a sandbox protection mech... | | |
CVE-2015-1116 | The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Tas... | | |
CVE-2015-1117 | The (1) setreuid and (2) setregid system-call implementations in the kernel in Apple iOS before 8.3,... | | |
CVE-2015-1118 | libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attack... | | |
CVE-2015-1119 | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef... | S | |
CVE-2015-1120 | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef... | | |
CVE-2015-1121 | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef... | S | |
CVE-2015-1122 | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef... | S | |
CVE-2015-1123 | WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, allows remote attackers to execute ... | | |
CVE-2015-1124 | WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and Apple Safari before 6.2.5, 7.x bef... | S | |
CVE-2015-1125 | The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger... | | |
CVE-2015-1126 | WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x bef... | | |
CVE-2015-1127 | The private-browsing implementation in WebKit in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.... | | |
CVE-2015-1128 | The private-browsing implementation in Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8... | | |
CVE-2015-1129 | Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does not properly select X.509 cli... | | |
CVE-2015-1130 | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass ... | KEV E | |
CVE-2015-1131 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privilege... | E | |
CVE-2015-1132 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privilege... | E | |
CVE-2015-1133 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privilege... | E | |
CVE-2015-1134 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privilege... | E | |
CVE-2015-1135 | fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privilege... | E | |
CVE-2015-1136 | Use-after-free vulnerability in CoreAnimation in Apple OS X before 10.10.3 allows remote attackers t... | E | |
CVE-2015-1137 | The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cau... | E | |
CVE-2015-1138 | Hypervisor in Apple OS X before 10.10.3 allows local users to cause a denial of service via unspecif... | E | |
CVE-2015-1139 | ImageIO in Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a de... | E | |
CVE-2015-1140 | Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges vi... | | |
CVE-2015-1141 | The mach_vm_read functionality in the kernel in Apple OS X before 10.10.3 allows local users to caus... | | |
CVE-2015-1142 | LaunchServices in Apple OS X before 10.10.3 allows local users to cause a denial of service (Finder ... | | |
CVE-2015-1143 | LaunchServices in Apple OS X before 10.10.3 allows local users to gain privileges via a crafted loca... | E | |
CVE-2015-1144 | Buffer overflow in the UniformTypeIdentifiers component in Apple OS X before 10.10.3 allows local us... | | |
CVE-2015-1145 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, ... | E | |
CVE-2015-1146 | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, ... | E | |
CVE-2015-1147 | Open Directory Client in Apple OS X before 10.10.3 sends unencrypted password-change requests in cer... | E | |
CVE-2015-1148 | Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might... | | |
CVE-2015-1149 | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attack... | | |
CVE-2015-1150 | The Firewall component in Apple OS X Server before 4.1 uses an incorrect pathname in configuration f... | | |
CVE-2015-1151 | Wiki Server in Apple OS X Server before 4.1 allows remote attackers to bypass intended restrictions ... | | |
CVE-2015-1152 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote ... | S | |
CVE-2015-1153 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote ... | S | |
CVE-2015-1154 | WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote ... | | |
CVE-2015-1155 | The history implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.... | | |
CVE-2015-1156 | The page-loading implementation in WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, a... | | |
CVE-2015-1157 | CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot a... | E S | |
CVE-2015-1158 | The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operat... | E | |
CVE-2015-1159 | Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the templ... | E | |
CVE-2015-1160 | Rejected reason: This candidate is unused by its CNA.... | R | |
CVE-2015-1164 | Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the... | | |
CVE-2015-1165 | RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x before 4.2.10 allows remote attac... | | |
CVE-2015-1169 | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct L... | E | |
CVE-2015-1170 | The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 before 345.20, and R346 befor... | | |
CVE-2015-1171 | Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to ... | E | |
CVE-2015-1172 | Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka ho... | | |
CVE-2015-1173 | Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (... | | |
CVE-2015-1174 | Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earl... | | |
CVE-2015-1175 | Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in Pres... | E | |
CVE-2015-1176 | Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows r... | E | |
CVE-2015-1177 | Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.... | E | |
CVE-2015-1178 | Multiple cross-site scripting (XSS) vulnerabilities in cart.php in X-Cart 5.1.8 and earlier allow re... | E | |
CVE-2015-1179 | Multiple cross-site scripting (XSS) vulnerabilities in data_point_details.shtm in Mango Automation 2... | E | |
CVE-2015-1180 | Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attac... | E | |
CVE-2015-1182 | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x th... | | |
CVE-2015-1187 | The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to execute arbitrary co... | KEV E M | |
CVE-2015-1188 | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL route... | | |
CVE-2015-1191 | Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitr... | E | |
CVE-2015-1192 | Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary fil... | E | |
CVE-2015-1193 | Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to ar... | E | |
CVE-2015-1194 | pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archiv... | E | |
CVE-2015-1195 | The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x be... | | |
CVE-2015-1196 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch ... | E S | |
CVE-2015-1197 | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary f... | E | |
CVE-2015-1198 | Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5.... | | |
CVE-2015-1199 | Directory traversal vulnerability in ppmd 10.1-5.... | | |
CVE-2015-1200 | Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressin... | | |
CVE-2015-1201 | Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumpt... | | |
CVE-2015-1202 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1203 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1204 | Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin... | E | |
CVE-2015-1205 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a... | | |
CVE-2015-1206 | Heap-based buffer overflow in Google Chrome before M40 allows remote attackers to cause a denial of ... | | |
CVE-2015-1207 | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote ... | | |
CVE-2015-1208 | Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allow... | | |
CVE-2015-1209 | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core... | | |
CVE-2015-1210 | The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8... | | |
CVE-2015-1211 | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatch... | | |
CVE-2015-1212 | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Lin... | | |
CVE-2015-1213 | The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as ... | | |
CVE-2015-1214 | Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters im... | | |
CVE-2015-1215 | The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote atta... | | |
CVE-2015-1216 | Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8... | | |
CVE-2015-1217 | The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp ... | | |
CVE-2015-1218 | Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome... | | |
CVE-2015-1219 | Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia,... | | |
CVE-2015-1220 | Use-after-free vulnerability in the GIFImageReader::parseData function in platform/image-decoders/gi... | | |
CVE-2015-1221 | Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote a... | | |
CVE-2015-1222 | Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content... | | |
CVE-2015-1223 | Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation ... | | |
CVE-2015-1224 | The VpxVideoDecoder::VpxDecode function in media/filters/vpx_video_decoder.cc in the vpxdecoder impl... | | |
CVE-2015-1225 | PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of s... | | |
CVE-2015-1226 | The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in G... | | |
CVE-2015-1227 | The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 4... | | |
CVE-2015-1228 | The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in G... | | |
CVE-2015-1229 | net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 does not properly handle a 407 ... | | |
CVE-2015-1230 | The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google... | | |
CVE-2015-1231 | Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a... | | |
CVE-2015-1232 | Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_us... | | |
CVE-2015-1233 | Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API,... | | |
CVE-2015-1234 | Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in Google Chrome before 41.0.2272.... | | |
CVE-2015-1235 | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Bl... | | |
CVE-2015-1236 | The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cp... | | |
CVE-2015-1237 | Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/... | | |
CVE-2015-1238 | Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of ser... | | |
CVE-2015-1239 | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFiu... | E | |
CVE-2015-1240 | gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in Google Chrome before 42.0.2311... | | |
CVE-2015-1241 | Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with... | E M | |
CVE-2015-1242 | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.7... | | |
CVE-2015-1243 | Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserv... | | |
CVE-2015-1244 | The URLRequest::GetHSTSRedirect function in url_request/url_request.cc in Google Chrome before 42.0.... | | |
CVE-2015-1245 | Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/locatio... | | |
CVE-2015-1246 | Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of se... | | |
CVE-2015-1247 | The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_hel... | | |
CVE-2015-1248 | The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBr... | | |
CVE-2015-1249 | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a... | | |
CVE-2015-1250 | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause ... | | |
CVE-2015-1251 | Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem i... | | |
CVE-2015-1252 | common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wrap... | | |
CVE-2015-1253 | core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chro... | | |
CVE-2015-1254 | core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritanc... | | |
CVE-2015-1255 | Use-after-free vulnerability in content/renderer/media/webaudio_capturer_source.cc in the WebAudio i... | | |
CVE-2015-1256 | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.... | | |
CVE-2015-1257 | platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Ch... | | |
CVE-2015-1258 | Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --siz... | | |
CVE-2015-1259 | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which all... | | |
CVE-2015-1260 | Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the W... | | |
CVE-2015-1261 | android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.... | | |
CVE-2015-1262 | platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, do... | | |
CVE-2015-1263 | The Spellcheck API implementation in Google Chrome before 43.0.2357.65 does not use an HTTPS session... | | |
CVE-2015-1264 | Cross-site scripting (XSS) vulnerability in Google Chrome before 43.0.2357.65 allows user-assisted r... | | |
CVE-2015-1265 | Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a... | E | |
CVE-2015-1266 | content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 doe... | | |
CVE-2015-1267 | Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation contex... | | |
CVE-2015-1268 | bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not prope... | | |
CVE-2015-1269 | The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43... | | |
CVE-2015-1270 | The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode ... | | |
CVE-2015-1271 | PDFium, as used in Google Chrome before 44.0.2403.89, does not properly handle certain out-of-memory... | | |
CVE-2015-1272 | Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 ... | | |
CVE-2015-1273 | Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome bef... | | |
CVE-2015-1274 | Google Chrome before 44.0.2403.89 does not ensure that the auto-open list omits all dangerous file t... | | |
CVE-2015-1275 | Cross-site scripting (XSS) vulnerability in org/chromium/chrome/browser/UrlUtilities.java in Google ... | | |
CVE-2015-1276 | Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the Indexe... | | |
CVE-2015-1277 | Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.8... | | |
CVE-2015-1278 | content/browser/web_contents/web_contents_impl.cc in Google Chrome before 44.0.2403.89 does not ensu... | | |
CVE-2015-1279 | Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as... | | |
CVE-2015-1280 | SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers t... | | |
CVE-2015-1281 | core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properl... | | |
CVE-2015-1282 | Multiple use-after-free vulnerabilities in fpdfsdk/src/javascript/Document.cpp in PDFium, as used in... | | |
CVE-2015-1283 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google C... | | |
CVE-2015-1284 | The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrom... | | |
CVE-2015-1285 | The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink... | | |
CVE-2015-1286 | Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in ... | | |
CVE-2015-1287 | Blink, as used in Google Chrome before 44.0.2403.89, enables a quirks-mode exception that limits the... | | |
CVE-2015-1288 | The Spellcheck API implementation in Google Chrome before 44.0.2403.89 does not use an HTTPS session... | | |
CVE-2015-1289 | Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a... | | |
CVE-2015-1290 | The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before ... | | |
CVE-2015-1291 | The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Goo... | | |
CVE-2015-1292 | The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.... | | |
CVE-2015-1293 | The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attacke... | | |
CVE-2015-1294 | Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Ski... | | |
CVE-2015-1295 | Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/rende... | | |
CVE-2015-1296 | The UnescapeURLWithAdjustmentsImpl implementation in net/base/escape.cc in Google Chrome before 45.0... | | |
CVE-2015-1297 | The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google... | | |
CVE-2015-1298 | The RuntimeEventRouter::OnExtensionUninstalled function in extensions/browser/api/runtime/runtime_ap... | | |
CVE-2015-1299 | Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome b... | | |
CVE-2015-1300 | The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext... | | |
CVE-2015-1301 | Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a... | | |
CVE-2015-1302 | The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages an... | | |
CVE-2015-1303 | bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not pe... | | |
CVE-2015-1304 | object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly res... | | |
CVE-2015-1305 | McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows local users to write to arbitrary ... | E | |
CVE-2015-1306 | The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.2... | S | |
CVE-2015-1307 | plasma-workspace before 5.1.95 allows remote attackers to obtain passwords via a Trojan horse Look a... | | |
CVE-2015-1308 | kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote attackers to obtain input event... | | |
CVE-2015-1309 | XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver ... | | |
CVE-2015-1310 | SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers t... | | |
CVE-2015-1311 | The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP ... | | |
CVE-2015-1312 | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obt... | | |
CVE-2015-1313 | JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted... | E | |
CVE-2015-1314 | The USAA Mobile Banking application before 7.10.1 for Android displays the most recently-used screen... | E | |
CVE-2015-1315 | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remo... | S | |
CVE-2015-1316 | Juju Joyent provider uploads user's private ssh key by default | S | |
CVE-2015-1317 | Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to... | | |
CVE-2015-1318 | The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain p... | E S | |
CVE-2015-1319 | The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and 15.04.x before 15.04.1+15.04.20... | S | |
CVE-2015-1320 | Probe-and-enlist for SeaMicro chassis writes password to the log | S | |
CVE-2015-1321 | Use-after-free vulnerability in the file picker implementation in Oxide before 1.6.5 allows remote a... | | |
CVE-2015-1322 | Directory traversal vulnerability in the Ubuntu network-manager package for Ubuntu (vivid) before 0.... | | |
CVE-2015-1323 | The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 as packaged in Ubuntu 15.04, be... | S | |
CVE-2015-1324 | Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in ... | S | |
CVE-2015-1325 | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8... | E S | |
CVE-2015-1326 | python-dbusmock arbitrary code execution or file overwrite when templates are loaded from /tmp | S | |
CVE-2015-1327 | Content-hub DBUS API doesn't prevent confined apps from passing paths to files without access | | |
CVE-2015-1328 | The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu t... | E | |
CVE-2015-1329 | Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14... | S | |
CVE-2015-1330 | unattended-upgrades before 0.86.1 does not properly authenticate packages when the (1) force-confold... | | |
CVE-2015-1331 | lxclock.c in LXC 1.1.2 and earlier allows local users to create arbitrary files via a symlink attack... | E | |
CVE-2015-1332 | The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 as packaged in Ubuntu 15.04 and... | | |
CVE-2015-1333 | Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1... | | |
CVE-2015-1334 | attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a container, which allows local contai... | | |
CVE-2015-1335 | lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape... | S | |
CVE-2015-1336 | The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in Ubuntu and Debian allows local... | E | |
CVE-2015-1337 | Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, whic... | E | |
CVE-2015-1338 | kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consump... | E S | |
CVE-2015-1339 | Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 al... | S | |
CVE-2015-1340 | chmod race in doUidshiftIntoContainer | S | |
CVE-2015-1341 | Apport privilege escalation through Python module imports | | |
CVE-2015-1342 | LXCFS before 0.12 does not properly enforce directory escapes, which might allow local users to gain... | E | |
CVE-2015-1343 | unity-scope-gdrive search feature logs search terms to syslog | | |
CVE-2015-1344 | The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, whic... | | |
CVE-2015-1345 | The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial ... | E | |
CVE-2015-1346 | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before... | | |
CVE-2015-1347 | Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote ... | | |
CVE-2015-1348 | Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.... | | |
CVE-2015-1349 | named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC valid... | | |
CVE-2015-1350 | The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr ope... | E S | |
CVE-2015-1351 | Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcac... | E S | |
CVE-2015-1352 | The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP through 5.6.7... | E | |
CVE-2015-1353 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2015-1355 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes i... | | |
CVE-2015-1356 | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's privileges on the basis of pro... | | |
CVE-2015-1357 | Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware ... | | |
CVE-2015-1358 | The remote-management module in the (1) Multi Panels, (2) Comfort Panels, and (3) RT Advanced functi... | | |
CVE-2015-1359 | Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome befor... | | |
CVE-2015-1360 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of ser... | | |
CVE-2015-1361 | platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does no... | | |
CVE-2015-1362 | Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to ... | E | |
CVE-2015-1363 | Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attacker... | E | |
CVE-2015-1364 | SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Repri... | E | |
CVE-2015-1365 | Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for ... | E S | |
CVE-2015-1366 | Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2... | E | |
CVE-2015-1367 | SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrar... | E | |
CVE-2015-1368 | Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 a... | E | |
CVE-2015-1369 | SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js allows remote attackers to exe... | E | |
CVE-2015-1370 | Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers t... | E | |
CVE-2015-1371 | Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to exec... | E | |
CVE-2015-1372 | SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQ... | E | |
CVE-2015-1373 | Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remo... | E | |
CVE-2015-1374 | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha all... | E | |
CVE-2015-1375 | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict ... | E | |
CVE-2015-1376 | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames... | E | |
CVE-2015-1377 | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack... | | |
CVE-2015-1378 | cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is source... | | |
CVE-2015-1379 | The signal handler implementations in socat before 1.7.3.0 and 2.0.0-b8 allow remote attackers to ca... | S | |
CVE-2015-1380 | jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a cr... | | |
CVE-2015-1381 | Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to ca... | | |
CVE-2015-1382 | parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (invalid rea... | | |
CVE-2015-1383 | Cross-site scripting (XSS) vulnerability in the geo search widget in the Geo Mashup plugin before 1.... | | |
CVE-2015-1384 | Cross-site scripting (XSS) vulnerability in the Banner Effect Header plugin before 1.2.8 for WordPre... | E S | |
CVE-2015-1385 | Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress Podcasting plugin before 6.0.1 fo... | E | |
CVE-2015-1386 | Directory traversal vulnerability in unshield 1.0-1.... | E | |
CVE-2015-1387 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2015-1454. Reason: This candidate... | R | |
CVE-2015-1388 | The "RAP console" feature in ArubaOS 5.x through 6.2.x, 6.3.x before 6.3.1.15, and 6.4.x before 6.4.... | | |
CVE-2015-1389 | Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.... | E | |
CVE-2015-1390 | Aruba AirWave before 8.0.7 allows XSS attacks against an administrator.... | | |
CVE-2015-1391 | Aruba AirWave before 8.0.7 allows bypass of a CSRF protection mechanism.... | | |
CVE-2015-1392 | Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.... | | |
CVE-2015-1393 | SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote au... | E | |
CVE-2015-1394 | Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for Wo... | E | |
CVE-2015-1395 | Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.... | S | |
CVE-2015-1396 | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can writ... | | |
CVE-2015-1397 | SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class... | E | |
CVE-2015-1398 | Multiple directory traversal vulnerabilities in Magento Community Edition (CE) 1.9.1.0 and Enterpris... | E S | |
CVE-2015-1399 | PHP remote file inclusion vulnerability in the fetchView function in the Mage_Core_Block_Template_Ze... | E S | |
CVE-2015-1400 | SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute a... | E | |
CVE-2015-1401 | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extensio... | | |
CVE-2015-1402 | Cross-site scripting (XSS) vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3... | | |
CVE-2015-1403 | SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remot... | | |
CVE-2015-1404 | Cross-site scripting (XSS) vulnerability in the Content Rating Extbase extension 2.0.3 and earlier f... | | |
CVE-2015-1405 | SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allo... | | |
CVE-2015-1414 | Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10, 10.0 before p18, and 10.1 before p6 ... | | |
CVE-2015-1415 | The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when configuring full disk encrypted ZFS, u... | E | |
CVE-2015-1416 | Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.... | | |
CVE-2015-1417 | The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10... | | |
CVE-2015-1418 | The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1... | | |
CVE-2015-1419 | Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restr... | S | |
CVE-2015-1420 | Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 all... | | |
CVE-2015-1421 | Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux ... | | |
CVE-2015-1422 | Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers ... | E | |
CVE-2015-1423 | Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execu... | E | |
CVE-2015-1424 | Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to ... | E | |
CVE-2015-1425 | JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities... | | |
CVE-2015-1426 | Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtain sensitive Amazon EC2 IAM instan... | | |
CVE-2015-1427 | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attac... | KEV E S | |
CVE-2015-1428 | Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execut... | E | |
CVE-2015-1429 | Directory traversal vulnerability in Cybele Software Thinfinity Remote Desktop Workstation 3.0.0.3 3... | | |
CVE-2015-1430 | Buffer overflow in xymon 4.3.17-1.... | | |
CVE-2015-1431 | Cross-site scripting (XSS) vulnerability in includes/startup.php in phpBB before 3.0.13 allows remot... | | |
CVE-2015-1432 | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not prop... | | |
CVE-2015-1433 | program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does not properly quote strings, w... | E S | |
CVE-2015-1434 | Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators t... | E | |
CVE-2015-1435 | Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to ... | E | |
CVE-2015-1436 | Cross-site scripting (XSS) vulnerability in the Easing Slider plugin before 2.2.0.7 for WordPress al... | E S | |
CVE-2015-1437 | Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 router with firmware 2.1.1.1.... | E | |
CVE-2015-1438 | Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers t... | E | |
CVE-2015-1441 | SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allow... | S | |
CVE-2015-1442 | SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS... | E | |
CVE-2015-1443 | The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execut... | M | |
CVE-2015-1444 | Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd ... | | |
CVE-2015-1445 | HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.... | M | |
CVE-2015-1448 | The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.46... | | |
CVE-2015-1449 | Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware befo... | | |
CVE-2015-1450 | SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL co... | E | |
CVE-2015-1451 | Multiple cross-site scripting (XSS) vulnerabilities in Fortinet FortiOS 5.0 Patch 7 build 4457 allow... | E | |
CVE-2015-1452 | The Control and Provisioning of Wireless Access Points (CAPWAP) daemon in Fortinet FortiOS 5.0 Patch... | | |
CVE-2015-1453 | The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtIn... | E | |
CVE-2015-1454 | Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952... | | |
CVE-2015-1455 | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) ... | | |
CVE-2015-1456 | Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which al... | | |
CVE-2015-1457 | Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary files via the -f flag to the ... | E | |
CVE-2015-1458 | Fortinet FortiAuthenticator 3.0.0 allows local users to bypass intended restrictions and gain privil... | E | |
CVE-2015-1459 | Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attacker... | E | |
CVE-2015-1460 | Huawei Quidway switches with firmware before V200R005C00SPC300 allow remote attackers to gain privi... | | |
CVE-2015-1461 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's cry... | | |
CVE-2015-1462 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer fil... | | |
CVE-2015-1463 | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted peti... | | |
CVE-2015-1464 | RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows remote attackers to hijack ses... | | |
CVE-2015-1465 | The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of t... | | |
CVE-2015-1467 | Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authent... | E | |
CVE-2015-1469 | time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a10... | | |
CVE-2015-1471 | SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to exe... | E | |
CVE-2015-1472 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does ... | | |
CVE-2015-1473 | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does ... | | |
CVE-2015-1474 | Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/li... | E S | |
CVE-2015-1475 | Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow rem... | | |
CVE-2015-1476 | Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute ... | E | |
CVE-2015-1477 | SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remot... | E | |
CVE-2015-1478 | Cross-site scripting (XSS) vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla!... | E | |
CVE-2015-1479 | SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (... | E | |
CVE-2015-1480 | ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to ... | E | |
CVE-2015-1481 | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privil... | E | |
CVE-2015-1482 | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obt... | E | |
CVE-2015-1483 | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to exec... | | |
CVE-2015-1484 | Unquoted Windows search path vulnerability in the agent in Symantec Workspace Streaming (SWS) 6.1 be... | | |
CVE-2015-1485 | Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server ... | | |
CVE-2015-1486 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allow... | E | |
CVE-2015-1487 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allow... | E | |
CVE-2015-1488 | An unspecified action handler in the management console in Symantec Endpoint Protection Manager (SEP... | | |
CVE-2015-1489 | The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allow... | E | |
CVE-2015-1490 | Directory traversal vulnerability in the management console in Symantec Endpoint Protection Manager ... | | |
CVE-2015-1491 | SQL injection vulnerability in the management console in Symantec Endpoint Protection Manager (SEPM)... | | |
CVE-2015-1492 | Untrusted search path vulnerability in the client in Symantec Endpoint Protection 12.1 before 12.1-R... | | |
CVE-2015-1493 | Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in... | | |
CVE-2015-1494 | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, whic... | E S | |
CVE-2015-1495 | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbi... | S | |
CVE-2015-1496 | Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, (2) rsmdriverproviderservice.exe... | | |
CVE-2015-1497 | radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remot... | E | |
CVE-2015-1498 | Persistent Systems Radia Client Automation does not properly restrict access to certain request, whi... | | |
CVE-2015-1499 | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete ... | | |
CVE-2015-1500 | Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Ap... | S | |
CVE-2015-1501 | The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Ap... | | |
CVE-2015-1503 | Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attacke... | E | |
CVE-2015-1512 | Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote att... | E | |
CVE-2015-1513 | SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary S... | | |
CVE-2015-1514 | Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to... | E | |
CVE-2015-1515 | The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write da... | E | |
CVE-2015-1516 | Cross-site scripting (XSS) vulnerability in Polycom RealPresence CloudAXIS Suite before 1.7.0 allows... | E | |
CVE-2015-1517 | SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote au... | E S | |
CVE-2015-1518 | SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before... | E | |
CVE-2015-1521 | analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet ... | S | |
CVE-2015-1522 | analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a pack... | S | |
CVE-2015-1525 | audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service... | | |
CVE-2015-1526 | The media_server component in Android allows remote attackers to cause a denial of service via a cra... | E | |
CVE-2015-1527 | Integer overflow in IAudioPolicyService.cpp in Android allows local users to gain privileges via a c... | E S | |
CVE-2015-1528 | Integer overflow in the native_handle_create function in libcutils/native_handle.c in Android before... | | |
CVE-2015-1529 | Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attackers to cause a den... | S | |
CVE-2015-1530 | media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary c... | | |
CVE-2015-1536 | Integer overflow in the Bitmap_createFromParcel function in core/jni/android/graphics/Bitmap.cpp in ... | | |
CVE-2015-1537 | Integer overflow in IHDCP.cpp in the media_server component in Android allows remote attackers to ex... | E S | |
CVE-2015-1538 | Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagef... | E | |
CVE-2015-1539 | Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in... | | |
CVE-2015-1541 | The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in... | | |
CVE-2015-1545 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 all... | E | |
CVE-2015-1546 | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 ... | | |
CVE-2015-1547 | The NeXTDecode function in tif_next.c in LibTIFF allows remote attackers to cause a denial of servic... | E | |
CVE-2015-1548 | mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process mem... | E | |
CVE-2015-1550 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 all... | | |
CVE-2015-1551 | Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 all... | | |
CVE-2015-1554 | kgb-bot 1.33-2 allows remote attackers to cause a denial of service (crash).... | | |
CVE-2015-1555 | Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote a... | | |
CVE-2015-1558 | Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when using the PJSIP channel driver,... | | |
CVE-2015-1559 | Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront ... | E S | |
CVE-2015-1560 | SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreo... | E | |
CVE-2015-1561 | The escape_command function in include/Administration/corePerformance/getStats.php in Centreon (form... | E | |
CVE-2015-1562 | Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to in... | E | |
CVE-2015-1563 | The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial ... | | |
CVE-2015-1564 | Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 a... | E | |
CVE-2015-1565 | Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storag... | | |
CVE-2015-1566 | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 7.4.0 allows remote attackers to... | | |
CVE-2015-1567 | Cross-site scripting (XSS) vulnerability in the admin page in the GD Infinite Scroll module before 7... | S | |
CVE-2015-1568 | Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for ... | S | |
CVE-2015-1569 | Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-i... | E | |
CVE-2015-1570 | The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.0... | E | |
CVE-2015-1571 | The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same cer... | E | |
CVE-2015-1572 | Heap-based buffer overflow in closefs.c in the libext2fs library in e2fsprogs before 1.42.12 allows ... | | |
CVE-2015-1573 | The nft_flush_table function in net/netfilter/nf_tables_api.c in the Linux kernel before 3.18.5 mish... | | |
CVE-2015-1574 | The Google Email application 4.2.2.0200 for Android allows remote attackers to cause a denial of ser... | E | |
CVE-2015-1575 | Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to ... | E | |
CVE-2015-1576 | Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbit... | E | |
CVE-2015-1577 | Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote atta... | E | |
CVE-2015-1578 | Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect user... | E | |
CVE-2015-1579 | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attac... | E | |
CVE-2015-1580 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for Wo... | E | |
CVE-2015-1581 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for Wor... | E | |
CVE-2015-1582 | Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for ... | E S | |
CVE-2015-1583 | Multiple cross-site request forgery (CSRF) vulnerabilities in ATutor 2.2 allow remote attackers to h... | E S | |
CVE-2015-1585 | Fat Free CRM before 0.13.6 allows remote attackers to conduct cross-site request forgery (CSRF) atta... | E | |
CVE-2015-1587 | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and ... | E | |
CVE-2015-1588 | Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before ... | | |
CVE-2015-1589 | Directory traversal vulnerability in arCHMage 0.2.4 allows remote attackers to write to arbitrary fi... | E | |
CVE-2015-1590 | The kamcmd administrative utility and default configuration in kamailio before 4.3.0 use /tmp/kamail... | S | |
CVE-2015-1591 | The kamailio build in kamailio before 4.2.0-2 process allows local users to gain privileges.... | | |
CVE-2015-1592 | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 do... | | |
CVE-2015-1593 | The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect... | E | |
CVE-2015-1594 | Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0... | | |
CVE-2015-1595 | The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of sy... | | |
CVE-2015-1596 | The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates ... | | |
CVE-2015-1597 | The Siemens SPCanywhere application for Android does not use encryption during the loading of code, ... | | |
CVE-2015-1598 | The Siemens SPCanywhere application for Android does not properly store application passwords, which... | | |
CVE-2015-1599 | The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended... | | |
CVE-2015-1600 | Information disclosure vulnerability in Netatmo Indoor Module firmware 100 and earlier.... | | |
CVE-2015-1601 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers ... | S | |
CVE-2015-1602 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data wit... | S | |
CVE-2015-1603 | Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote at... | E S | |
CVE-2015-1604 | Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allow... | E S | |
CVE-2015-1605 | Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset ... | | |
CVE-2015-1606 | The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote a... | | |
CVE-2015-1607 | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not pro... | | |
CVE-2015-1608 | Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to d... | | |
CVE-2015-1609 | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service vi... | | |
CVE-2015-1610 | hosttracker in OpenDaylight l2switch allows remote attackers to change the host location information... | | |
CVE-2015-1611 | OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology... | S | |
CVE-2015-1612 | OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology... | S | |
CVE-2015-1613 | RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive info... | | |
CVE-2015-1614 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for... | | |
CVE-2015-1616 | SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) befo... | | |
CVE-2015-1617 | Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoin... | | |
CVE-2015-1618 | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authen... | | |
CVE-2015-1619 | Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Emai... | | |
CVE-2015-1621 | Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for ... | S | |
CVE-2015-1622 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1623 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1624 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1625 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1626 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1627 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we... | | |
CVE-2015-1628 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 ... | | |
CVE-2015-1629 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 ... | | |
CVE-2015-1630 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 ... | | |
CVE-2015-1631 | Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting ... | | |
CVE-2015-1632 | Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Excha... | | |
CVE-2015-1633 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Ser... | | |
CVE-2015-1634 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1635 | HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows... | KEV E S | |
CVE-2015-1636 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and Sh... | | |
CVE-2015-1637 | Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Serve... | S | |
CVE-2015-1638 | Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not proper... | | |
CVE-2015-1639 | Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to... | | |
CVE-2015-1640 | Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows re... | | |
CVE-2015-1641 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for M... | KEV S | |
CVE-2015-1642 | Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code ... | KEV S | |
CVE-2015-1643 | Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 S... | S | |
CVE-2015-1644 | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 ... | S | |
CVE-2015-1645 | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Window... | | |
CVE-2015-1646 | Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy... | | |
CVE-2015-1647 | Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 allows ... | S | |
CVE-2015-1648 | ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, when the... | | |
CVE-2015-1649 | Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer... | | |
CVE-2015-1650 | Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 S... | | |
CVE-2015-1651 | Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ... | | |
CVE-2015-1652 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1653 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint ... | | |
CVE-2015-1654 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1655 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1656 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1657 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1658 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1659 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1660 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2015-1661 | Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mecha... | | |
CVE-2015-1662 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1663 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1664 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1665 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1666 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1667 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1668 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1669 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1670 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.... | | |
CVE-2015-1671 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.... | KEV S | |
CVE-2015-1672 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to ca... | | |
CVE-2015-1673 | The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1,... | | |
CVE-2015-1674 | The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold... | E S | |
CVE-2015-1675 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1676 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008... | S | |
CVE-2015-1677 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008... | S | |
CVE-2015-1678 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008... | S | |
CVE-2015-1679 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008... | S | |
CVE-2015-1680 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008... | S | |
CVE-2015-1681 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1682 | Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 SP1, Exce... | | |
CVE-2015-1683 | Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, ... | | |
CVE-2015-1684 | VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 throug... | | |
CVE-2015-1685 | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a... | | |
CVE-2015-1686 | The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Inter... | | |
CVE-2015-1687 | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a... | | |
CVE-2015-1688 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we... | | |
CVE-2015-1689 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1690 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1691 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2015-1692 | Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard... | | |
CVE-2015-1693 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1694 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1695 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1696 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1697 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1698 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1699 | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8... | S | |
CVE-2015-1700 | Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, an... | | |
CVE-2015-1701 | Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 20... | KEV E S | |
CVE-2015-1702 | The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows S... | S | |
CVE-2015-1703 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted we... | | |
CVE-2015-1704 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted we... | | |
CVE-2015-1705 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1706 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1707 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1708 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2015-1709 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1710 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1711 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1712 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2015-1713 | Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, ak... | | |
CVE-2015-1714 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1715 | Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to bypass intended integrity-lev... | | |
CVE-2015-1716 | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1... | S | |
CVE-2015-1717 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1718 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1719 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows ... | S | |
CVE-2015-1720 | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ... | S | |
CVE-2015-1721 | The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows ... | E S | |
CVE-2015-1722 | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ... | E S | |
CVE-2015-1723 | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ... | E S | |
CVE-2015-1724 | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ... | E S | |
CVE-2015-1725 | Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows ... | E S | |
CVE-2015-1726 | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ... | E S | |
CVE-2015-1727 | Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows ... | E S | |
CVE-2015-1728 | Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a... | | |
CVE-2015-1729 | Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1... | | |
CVE-2015-1730 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of... | E | |
CVE-2015-1731 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1732 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1733 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1734 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1735 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1736 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1737 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1738 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a den... | | |
CVE-2015-1739 | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web s... | | |
CVE-2015-1740 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1741 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1742 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1743 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we... | S | |
CVE-2015-1744 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1745 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1746 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1747 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1748 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted we... | | |
CVE-2015-1749 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2015-1750 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1751 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1752 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1753 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial o... | | |
CVE-2015-1754 | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of... | | |
CVE-2015-1755 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a d... | | |
CVE-2015-1756 | Use-after-free vulnerability in Microsoft Common Controls in Microsoft Windows Vista SP2, Windows Se... | S | |
CVE-2015-1757 | Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) ... | | |
CVE-2015-1758 | Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows V... | | |
CVE-2015-1759 | Microsoft Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a craf... | | |
CVE-2015-1760 | Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 SP1, and Office 2013 RT SP1 al... | | |
CVE-2015-1761 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incor... | | |
CVE-2015-1762 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transac... | | |
CVE-2015-1763 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prev... | | |
CVE-2015-1764 | The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote atta... | | |
CVE-2015-1765 | Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a c... | | |
CVE-2015-1766 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1767 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause ... | | |
CVE-2015-1768 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2 allows local u... | | |
CVE-2015-1769 | Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Win... | KEV S | |
CVE-2015-1770 | Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to execute arbitrary code via a cr... | KEV S | |
CVE-2015-1771 | Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server... | | |
CVE-2015-1772 | The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and 1.1.x before 1.1.1, as used i... | | |
CVE-2015-1773 | Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html in Apache Flex before 4.14.1 ... | | |
CVE-2015-1774 | The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2... | | |
CVE-2015-1775 | Server-side request forgery (SSRF) vulnerability in the proxy endpoint (api/v1/proxy) in Apache Amba... | | |
CVE-2015-1776 | Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with... | | |
CVE-2015-1777 | rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on Red Hat Gluster Storage 2.1 and ... | | |
CVE-2015-1778 | The custom authentication realm used by karaf-tomcat's "opendaylight" realm in Opendaylight before H... | S | |
CVE-2015-1779 | The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory... | S | |
CVE-2015-1780 | oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-cente... | | |
CVE-2015-1781 | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka... | | |
CVE-2015-1782 | The kex_agree_methods function in libssh2 before 1.5.0 allows remote servers to cause a denial of se... | | |
CVE-2015-1783 | The prefix variable in the get_or_define_ns function in Lasso before commit 6d854cef4211cdcdbc7446c9... | S | |
CVE-2015-1784 | In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an ... | E | |
CVE-2015-1785 | In the nextgen-gallery WordPress plugin before 2.0.77.3 there are two vulnerabilities which can allow an ... | E | |
CVE-2015-1786 | Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x befor... | | |
CVE-2015-1787 | The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL 1.0.2 before 1.0.2a, when client a... | S | |
CVE-2015-1788 | The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before 0.9.8s, 1.0.0 before 1.0.0e, 1... | | |
CVE-2015-1789 | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s,... | | |
CVE-2015-1790 | The PKCS7_dataDecode function in crypto/pkcs7/pk7_doit.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.... | | |
CVE-2015-1791 | Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8z... | | |
CVE-2015-1792 | The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, ... | | |
CVE-2015-1793 | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2... | E S | |
CVE-2015-1794 | The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 before 1.0.2e allows remote ser... | | |
CVE-2015-1795 | Red Hat Gluster Storage RPM Package 3.2 allows local users to gain privileges and execute arbitrary ... | | |
CVE-2015-1796 | The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 and OpenSAML Java (OpenSAML-J) b... | | |
CVE-2015-1797 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was wi... | R | |
CVE-2015-1798 | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 r... | | |
CVE-2015-1799 | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 3.x and 4.x before 4... | | |
CVE-2015-1800 | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows a... | | |
CVE-2015-1801 | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows a... | | |
CVE-2015-1802 | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1... | | |
CVE-2015-1803 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1... | | |
CVE-2015-1804 | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1... | | |
CVE-2015-1805 | The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do... | | |
CVE-2015-1806 | The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote au... | | |
CVE-2015-1807 | Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authe... | | |
CVE-2015-1808 | Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users to cause a denial of s... | | |
CVE-2015-1809 | XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 all... | | |
CVE-2015-1810 | The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS before 1.596.1 does not restric... | | |
CVE-2015-1811 | XML external entity (XXE) vulnerability in CloudBees Jenkins before 1.600 and LTS before 1.596.1 all... | | |
CVE-2015-1812 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remot... | | |
CVE-2015-1813 | Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remot... | | |
CVE-2015-1814 | The API token-issuing service in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers... | | |
CVE-2015-1815 | The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows re... | E | |
CVE-2015-1816 | Foreman before 1.7.4 does not verify SSL certificates for LDAP connections, which allows man-in-the-m... | | |
CVE-2015-1817 | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 thr... | S | |
CVE-2015-1818 | XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.... | | |
CVE-2015-1819 | The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) vi... | S | |
CVE-2015-1820 | REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixat... | S | |
CVE-2015-1821 | Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a deni... | S | |
CVE-2015-1822 | chrony before 1.31.1 does not initialize the last "next" pointer when saving unacknowledged replies ... | S | |
CVE-2015-1823 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1824 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1825 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1826 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1827 | The get_user_grouplist function in the extdom plug-in in FreeIPA before 4.1.4 does not properly real... | | |
CVE-2015-1828 | The Ruby http gem before 0.7.3 does not verify hostnames in SSL connections, which might allow remot... | | |
CVE-2015-1829 | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, ... | | |
CVE-2015-1830 | Directory traversal vulnerability in the fileserver upload/download functionality for blob messages ... | | |
CVE-2015-1831 | The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "comp... | | |
CVE-2015-1832 | XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, whe... | | |
CVE-2015-1833 | XML external entity (XXE) vulnerability in Apache Jackrabbit before 2.0.6, 2.2.x before 2.2.14, 2.4.... | E | |
CVE-2015-1834 | A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that a... | | |
CVE-2015-1835 | Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an application does not set explicit ... | E | |
CVE-2015-1836 | Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before 1.1.0.1, as used in IBM InfoS... | | |
CVE-2015-1837 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-1838 | modules/serverdensity_device.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.... | S | |
CVE-2015-1839 | modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp.... | S | |
CVE-2015-1840 | jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and rails.js in jquery-ujs before 1.... | E | |
CVE-2015-1841 | The Web Admin interface in Red Hat Enterprise Virtualization Manager (RHEV-M) allows local users to ... | | |
CVE-2015-1842 | The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a defau... | | |
CVE-2015-1843 | The Red Hat docker package before 1.5.0-28, when using the --add-registry option, falls back to HTTP... | | |
CVE-2015-1844 | Foreman before 1.7.5 allows remote authenticated users to bypass organization and location restricti... | S | |
CVE-2015-1845 | Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitr... | | |
CVE-2015-1846 | unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) ... | | |
CVE-2015-1847 | Directory traversal vulnerability in the web request/response interface in Appserver before 1.0.3 al... | | |
CVE-2015-1848 | The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an htt... | E | |
CVE-2015-1849 | AdvancedLdapLoginModule in Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.1 allows a... | E | |
CVE-2015-1850 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1851 | OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 (juno), and 2015.1.x before 20... | | |
CVE-2015-1852 | The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 and python-keystoneclient befor... | | |
CVE-2015-1853 | chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associ... | | |
CVE-2015-1854 | 389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and mod... | | |
CVE-2015-1855 | verify_certificate_identity in the OpenSSL extension in Ruby before 2.0.0 patchlevel 645, 2.1.x befo... | | |
CVE-2015-1856 | OpenStack Object Storage (Swift) before 2.3.0, when allow_version is configured, allows remote authe... | | |
CVE-2015-1857 | The odl-mdsal-apidocs feature in OpenDaylight Helium allows remote attackers to obtain sensitive info... | S | |
CVE-2015-1858 | Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase module in Qt before 4.8.7 and 5... | S | |
CVE-2015-1859 | Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt bef... | S | |
CVE-2015-1860 | Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase module in Qt before 4.8.7 and 5... | S | |
CVE-2015-1861 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2015-1862 | The crash reporting feature in Abrt allows local users to gain privileges by leveraging an execve by... | E S | |
CVE-2015-1863 | Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a deni... | | |
CVE-2015-1864 | Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before ... | E S | |
CVE-2015-1865 | fts.c in coreutils 8.4 allows local users to delete arbitrary files.... | | |
CVE-2015-1866 | Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before 1.10.1 and 1.11.x before 1.11.2.... | E S | |
CVE-2015-1867 | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users ... | | |
CVE-2015-1868 | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x befo... | | |
CVE-2015-1869 | The default event handling scripts in Automatic Bug Reporting Tool (ABRT) allow local users to gain ... | S | |
CVE-2015-1870 | The event scripts in Automatic Bug Reporting Tool (ABRT) use world-readable permission on a copy of... | S | |
CVE-2015-1871 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2015-1872 | The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg before 2.5.4 does not validate t... | | |
CVE-2015-1874 | Cross-site request forgery (CSRF) vulnerability in the Contact Form DB (aka CFDB and contact-form-7-... | E S | |
CVE-2015-1875 | SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier al... | E | |
CVE-2015-1876 | Directory traversal vulnerability in ES File Explorer 3.2.4.1.... | E | |
CVE-2015-1877 | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, do... | S | |
CVE-2015-1878 | Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, and 6000+ before 11.72 allows p... | | |
CVE-2015-1879 | Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPre... | E S | |
CVE-2015-1880 | Cross-site scripting (XSS) vulnerability in the sslvpn login page in Fortinet FortiOS 5.2.x before 5... | | |
CVE-2015-1881 | OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly rem... | E | |
CVE-2015-1882 | Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.... | S | |
CVE-2015-1883 | IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and... | S | |
CVE-2015-1884 | Directory traversal vulnerability in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x... | S | |
CVE-2015-1885 | WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0... | S | |
CVE-2015-1886 | The Remote Document Conversion Service (DCS) in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1... | S | |
CVE-2015-1887 | IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF17, and 8.5.0 before CF06 al... | S | |
CVE-2015-1888 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.2 before 2.0.2-ICN-FP007 and 2... | S | |
CVE-2015-1889 | The Big SQL component in IBM InfoSphere BigInsights 3.0 through 3.0.0.2 allows remote authenticated ... | | |
CVE-2015-1890 | /usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) 4.1 before 4.1.0.7 produces a... | S | |
CVE-2015-1892 | The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and ... | S | |
CVE-2015-1893 | The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows remote attackers to hijack the ... | S | |
CVE-2015-1894 | Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Optim Workload Replay 2.x before 2... | S | |
CVE-2015-1895 | IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on client-side code to verify authori... | S | |
CVE-2015-1896 | Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 ... | S | |
CVE-2015-1897 | Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 ... | S | |
CVE-2015-1898 | Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 ... | S | |
CVE-2015-1899 | IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause a denial of service (CPU cons... | S | |
CVE-2015-1900 | IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to... | S | |
CVE-2015-1901 | The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local use... | S | |
CVE-2015-1902 | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allo... | S | |
CVE-2015-1903 | Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allo... | S | |
CVE-2015-1904 | IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5... | S | |
CVE-2015-1905 | The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5... | S | |
CVE-2015-1906 | Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x... | S | |
CVE-2015-1907 | The Administration and Reporting Tool in IBM Rational License Key Server (RLKS) 8.1.4 before 8.1.4.7... | S | |
CVE-2015-1908 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 t... | S | |
CVE-2015-1909 | The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Dat... | S | |
CVE-2015-1910 | Cross-site scripting (XSS) vulnerability in the Reference Data Management component in the server in... | S | |
CVE-2015-1911 | Cross-site scripting (XSS) vulnerability in Sterling Order Management 8.5 before HF113, Sterling Sel... | S | |
CVE-2015-1913 | Rational Test Control Panel in IBM Rational Test Workbench and Rational Test Virtualization Server 8... | S | |
CVE-2015-1914 | IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 ... | | |
CVE-2015-1915 | The Endpoint Manager for Remote Control component in IBM Tivoli Endpoint Manager for Lifecycle Manag... | S | |
CVE-2015-1916 | Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of serv... | | |
CVE-2015-1917 | Cross-site scripting (XSS) vulnerability in the Active Content Filtering component in IBM WebSphere ... | S | |
CVE-2015-1919 | Cross-site scripting (XSS) vulnerability in IBM Security QRadar Incident Forensics before 7.2.5 allo... | | |
CVE-2015-1920 | IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.1... | S | |
CVE-2015-1921 | Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 ... | | |
CVE-2015-1922 | The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and ... | S | |
CVE-2015-1923 | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote... | | |
CVE-2015-1924 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1925 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1926 | Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.... | | |
CVE-2015-1927 | The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 bef... | S | |
CVE-2015-1928 | Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and... | | |
CVE-2015-1929 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1930 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1931 | IBM Java Security Components in IBM SDK, Java Technology Edition 8 before SR1 FP10, 7 R1 before SR3 ... | | |
CVE-2015-1932 | IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0.0.11, and 8.5.x before 8.5.5.... | | |
CVE-2015-1933 | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6... | S | |
CVE-2015-1934 | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX002, and 7.6.0 before 7.6... | S | |
CVE-2015-1935 | The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, an... | S | |
CVE-2015-1936 | The administrative console in IBM WebSphere Application Server (WAS) 8.0.0 before 8.0.0.11 and 8.5 b... | S | |
CVE-2015-1937 | IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not r... | S | |
CVE-2015-1938 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execu... | | |
CVE-2015-1941 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to read ... | | |
CVE-2015-1942 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write... | | |
CVE-2015-1943 | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0... | S | |
CVE-2015-1944 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0... | S | |
CVE-2015-1945 | Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data M... | S | |
CVE-2015-1946 | IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and WebSphere Virtual Enterprise 7.0 befo... | S | |
CVE-2015-1947 | Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, wh... | | |
CVE-2015-1948 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1949 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execu... | | |
CVE-2015-1950 | IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require authentication for access to t... | | |
CVE-2015-1951 | IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 IFIX001, and 7.6.0 before 7.6... | | |
CVE-2015-1952 | Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 0... | S | |
CVE-2015-1953 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1954 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1955 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (CPU consumption) v... | | |
CVE-2015-1956 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) ... | | |
CVE-2015-1957 | IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows remote authenticated users to ... | S | |
CVE-2015-1958 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) ... | | |
CVE-2015-1959 | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3... | S | |
CVE-2015-1961 | The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5... | S | |
CVE-2015-1962 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1963 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1964 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1965 | Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 a... | | |
CVE-2015-1966 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Federated Identity Manager (TFIM) ... | S | |
CVE-2015-1967 | MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the absence of the compatibility-m... | | |
CVE-2015-1968 | Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data Management Collaborative Edit... | S | |
CVE-2015-1969 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Common Reporting (TCR) 2.1 before IF13 and 2.... | S | |
CVE-2015-1970 | The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 through 2.5.0.4 retains data ... | S | |
CVE-2015-1971 | Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifec... | | |
CVE-2015-1972 | IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3... | S | |
CVE-2015-1974 | The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before i... | S | |
CVE-2015-1975 | The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before i... | | |
CVE-2015-1976 | IBM Security Directory Server could allow an authenticated user to execute commands into the web adm... | S | |
CVE-2015-1977 | Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITD... | | |
CVE-2015-1978 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Security Directory Server 6.0 before iFix 75,... | S | |
CVE-2015-1979 | Multiple cross-site scripting (XSS) vulnerabilities in the Error dialog in IBM Case Manager 5.2.1 be... | S | |
CVE-2015-1980 | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before F... | S | |
CVE-2015-1981 | Cross-site scripting (XSS) vulnerability in the web server in IBM Domino 8.5.x before 8.5.3 FP6 IF8 ... | S | |
CVE-2015-1982 | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before F... | S | |
CVE-2015-1983 | Cross-site scripting (XSS) vulnerability in the Projects page in IBM UrbanCode Build 6.1.x before 6.... | | |
CVE-2015-1984 | IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before F... | S | |
CVE-2015-1985 | The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended... | | |
CVE-2015-1986 | The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execu... | | |
CVE-2015-1987 | IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial of service (disk consumption) ... | | |
CVE-2015-1988 | Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manager for Virtual Environments: Data... | | |
CVE-2015-1989 | SQL injection vulnerability in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 all... | | |
CVE-2015-1990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2015-1991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in... | R | |
CVE-2015-1992 | IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, an... | | |
CVE-2015-1993 | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for u... | | |
CVE-2015-1994 | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not include the HTTPOnly flag... | | |
CVE-2015-1995 | Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x ... | | |
CVE-2015-1996 | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not prevent caching of HTTPS ... | | |
CVE-2015-1997 | Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x b... | | |
CVE-2015-1999 | IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 places session IDs in https URLs, ... | | |