| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 401 | CVE-2015-1721 | 476 | | DoS +Priv | 2015-06-10 | 2019-05-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer Dereference Vulnerability." |
| 402 | CVE-2015-1720 | 416 | | +Priv | 2015-06-10 | 2019-05-14 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Microsoft Windows Kernel Use After Free Vulnerability." |
| 403 | CVE-2015-1719 | 200 | | +Info | 2015-06-10 | 2019-05-14 | 2.1 | None | Local | Low | Not required | Partial | None | None | The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain sensitive information from kernel memory via a crafted application, aka "Microsoft Windows Kernel Information Disclosure Vulnerability." |
| 404 | CVE-2015-1687 | 19 | | DoS Exec Code Mem. Corr. | 2015-06-10 | 2018-10-12 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." |
| 405 | CVE-2015-1493 | 22 | | Dir. Trav. | 2015-06-01 | 2020-12-01 | 6.8 | None | Remote | Low | ??? | Complete | None | None | Directory traversal vulnerability in the min_get_slash_argument function in lib/configonlylib.php in Moodle through 2.5.9, 2.6.x before 2.6.8, 2.7.x before 2.7.5, and 2.8.x before 2.8.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter, as demonstrated by reading PHP scripts. |
| 406 | CVE-2015-1485 | 352 | | CSRF | 2015-06-28 | 2017-09-22 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in the administration console in the Enforce Server in Symantec Data Loss Prevention (DLP) before 12.5.2 allows remote attackers to hijack the authentication of administrators. |
| 407 | CVE-2015-1269 | 254 | | Bypass | 2015-06-26 | 2016-12-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase. |
| 408 | CVE-2015-1268 | 254 | | Bypass | 2015-06-26 | 2016-12-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None | bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL. |
| 409 | CVE-2015-1267 | 254 | | Bypass | 2015-06-26 | 2016-12-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp. |
| 410 | CVE-2015-1266 | 254 | | Bypass | 2015-06-26 | 2016-12-31 | 5.0 | None | Remote | Low | Not required | None | Partial | None | content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests. |
| 411 | CVE-2015-1159 | 79 | | XSS | 2015-06-26 | 2017-09-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the cgi_puts function in cgi-bin/template.c in the template engine in CUPS before 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter to help/. |
| 412 | CVE-2015-1158 | 254 | | | 2015-06-26 | 2017-09-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code. |
| 413 | CVE-2015-1000 | 119 | | Exec Code Overflow | 2015-06-05 | 2016-11-28 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Stack-based buffer overflow in the OpenForIPCamTest method in the RTSPVIDEO.rtspvideoCtrl.1 (aka SStreamVideo) ActiveX control in Moxa SoftCMS before 1.3 allows remote attackers to execute arbitrary code via the StrRtspPath parameter. |
| 414 | CVE-2015-0989 | 19 | | DoS | 2015-06-28 | 2015-06-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | PACTware 4.1 SP3 allows remote attackers to cause a denial of service (application crash) via a crafted file that triggers an internal error. |
| 415 | CVE-2015-0972 | 255 | | DoS | 2015-06-23 | 2015-06-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Pearson ProctorCache before 2015.1.17 uses the same hardcoded password across different customers' installations, which allows remote attackers to modify test metadata or cause a denial of service (test disruption) by leveraging knowledge of this password. |
| 416 | CVE-2015-0850 | 20 | | Exec Code | 2015-06-02 | 2015-06-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository. |
| 417 | CVE-2015-0779 | 22 | | Exec Code Dir. Trav. | 2015-06-07 | 2015-06-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324. |
| 418 | CVE-2015-0776 | 399 | | DoS | 2015-06-12 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 devices allows remote attackers to cause a denial of service (device reload) via a malformed TELNET packet, aka Bug ID CSCuq31566. |
| 419 | CVE-2015-0775 | 399 | | DoS | 2015-06-12 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on Nexus 4000 devices, 5.2(1)SV3(2.1) on Nexus 1000V devices, 6.0(2)N2(2) on Nexus 5000 devices, 6.2(11) on MDS 9000 devices, 6.2(12) on Nexus 7000 devices, 7.0(3) on Nexus 9000 devices, and 7.2(0)ZN(99.67) on Nexus 3000 devices allows remote attackers to cause a denial of service (login process reset) via an unspecified terminal-session request during TELNET session setup, aka Bug IDs CSCuo10554, CSCuu75466, CSCuu75471, CSCuu75484, CSCuu75498, CSCuu77170, and CSCuu77182. |
| 420 | CVE-2015-0774 | 79 | | XSS | 2015-06-12 | 2017-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in Cisco Application and Content Networking System (ACNS) 5.5(9) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuu70650. |
| 421 | CVE-2015-0773 | 264 | | | 2015-06-12 | 2017-01-04 | 5.5 | None | Remote | Low | ??? | None | Partial | Partial | Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote authenticated users to delete an arbitrary user's dashboard via a modified VPN deletion request in a management session, aka Bug ID CSCut67078. |
| 422 | CVE-2015-0772 | 399 | | DoS | 2015-06-12 | 2017-01-04 | 7.1 | None | Remote | Medium | Not required | None | None | Complete | Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422. |
| 423 | CVE-2015-0771 | 399 | | DoS | 2015-06-12 | 2017-01-04 | 6.3 | None | Remote | Medium | ??? | None | None | Complete | The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS 12.2 on Catalyst 6500 devices allows remote authenticated users to cause a denial of service (device reload) by sending a crafted message during IPsec tunnel setup, aka Bug ID CSCur70505. |
| 424 | CVE-2015-0770 | 20 | | Http R.Spl. | 2015-06-07 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | None | Partial | None | CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341. |
| 425 | CVE-2015-0769 | 399 | | DoS | 2015-06-12 | 2017-01-04 | 7.8 | None | Remote | Low | Not required | None | None | Complete | Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System allows remote attackers to cause a denial of service (NPU ASIC scan and line-card reload) via crafted IPv6 extension headers, aka Bug ID CSCtx03546. |
| 426 | CVE-2015-0768 | 264 | | Exec Code Bypass | 2015-06-12 | 2017-01-04 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | The Device Work Center (DWC) component in Cisco Prime Network Control System (NCS) 2.1(0.0.85), 2.2(0.0.58), and 2.2(0.0.69) does not properly implement AAA roles, which allows remote authenticated users to bypass intended access restrictions and execute commands via a login session, aka Bug ID CSCur27371. |
| 427 | CVE-2015-0767 | 264 | | | 2015-06-07 | 2015-06-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local users to obtain root privileges via unspecified commands, aka Bug ID CSCur18132. |
| 428 | CVE-2015-0766 | 79 | | XSS | 2015-06-04 | 2017-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface in the Management Center component in Cisco FireSIGHT System Software 6.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified fields, aka Bug IDs CSCus93566, CSCut31557, and CSCut47196. |
| 429 | CVE-2015-0765 | 399 | | DoS | 2015-06-04 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Cisco ONS 15454 System Software 10.30 and 10.301 allows remote attackers to cause a denial of service (tNetTask CPU consumption or card reset) via a flood of (1) IP or (2) Ethernet traffic, aka Bug ID CSCus57263. |
| 430 | CVE-2015-0764 | 200 | | +Info | 2015-06-04 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read arbitrary files via a crafted resource request, aka Bug ID CSCus95603. |
| 431 | CVE-2015-0763 | 200 | | +Info | 2015-06-04 | 2017-01-04 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session IDs in http URLs, which allows remote attackers to obtain sensitive session information via a crafted URL, aka Bug ID CSCuu60338. |
| 432 | CVE-2015-0762 | 79 | | XSS | 2015-06-04 | 2017-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400. |
| 433 | CVE-2015-0761 | 264 | | | 2015-06-04 | 2017-01-04 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x before 4.0(2052) on Linux does not properly implement unspecified internal functions, which allows local users to obtain root privileges via crafted vpnagent options, aka Bug ID CSCus86790. |
| 434 | CVE-2015-0760 | 264 | | Bypass | 2015-06-04 | 2017-01-04 | 4.0 | None | Remote | Low | ??? | Partial | None | None | The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and 8.2.x before 8.2.2.13 allows remote authenticated users to bypass XAUTH authentication via crafted IKEv1 packets, aka Bug ID CSCus47259. |
| 435 | CVE-2015-0759 | 352 | | CSRF | 2015-06-02 | 2017-01-04 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in Cisco Headend Digital Broadband Delivery System allows remote attackers to hijack the authentication of arbitrary users. |
| 436 | CVE-2015-0737 | 79 | | XSS | 2015-06-12 | 2017-01-04 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT System Software 5.3.1.1 allow remote attackers to inject arbitrary web script or HTML via a crafted (1) GET or (2) POST parameter, aka Bug ID CSCuu11099. |
| 437 | CVE-2015-0550 | 22 | | Dir. Trav. Bypass | 2015-06-28 | 2017-09-23 | 8.5 | None | Remote | Low | Not required | Complete | None | Partial | Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intended Content Server access restrictions via unspecified vectors. |
| 438 | CVE-2015-0549 | 79 | | XSS | 2015-06-28 | 2017-09-23 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before 4.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 439 | CVE-2015-0546 | 264 | | Bypass | 2015-06-17 | 2017-09-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows remote attackers to bypass LDAP authentication by providing a valid account name. |
| 440 | CVE-2015-0545 | | | Exec Code | 2015-06-29 | 2016-12-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging Wire Protocol (JDWP) service, which allows remote attackers to execute arbitrary code via unspecified vectors. |
| 441 | CVE-2015-0541 | 352 | | CSRF | 2015-06-05 | 2022-05-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat Detection before 5.1 allows remote attackers to hijack the authentication of arbitrary users. |
| 442 | CVE-2015-0526 | 79 | | XSS | 2015-06-22 | 2017-09-23 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Validation Manager (RVM) 3.2 before build 201 allow remote attackers to inject arbitrary web script or HTML via the (1) displayMode or (2) wrapPreDisplayMode parameter. |
| 443 | CVE-2015-0344 | 79 | | XSS | 2015-06-13 | 2016-12-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 444 | CVE-2015-0343 | 79 | | XSS | 2015-06-13 | 2016-12-31 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | Cross-site scripting (XSS) vulnerability in admin/home/homepage/search in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. |
| 445 | CVE-2015-0264 | | | | 2015-06-03 | 2019-05-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. |
| 446 | CVE-2015-0263 | | | | 2015-06-03 | 2019-05-24 | 5.0 | None | Remote | Low | Not required | Partial | None | None | XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. |
| 447 | CVE-2015-0218 | 352 | | CSRF | 2015-06-01 | 2020-12-01 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout. |
| 448 | CVE-2015-0217 | 399 | | DoS | 2015-06-01 | 2020-12-01 | 6.8 | None | Remote | Low | ??? | None | None | Complete | filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression. |
| 449 | CVE-2015-0216 | 79 | | XSS | 2015-06-01 | 2020-12-01 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback. |
| 450 | CVE-2015-0215 | 200 | | +Info | 2015-06-01 | 2020-12-01 | 4.0 | None | Remote | Low | ??? | Partial | None | None | calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request. |