The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-1593 | The stack randomization feature in the Linux kernel before 3.19.1 on 64-bit platforms uses incorrect data types for the results of bitwise left-shift operations, which makes it easier for attackers to bypass the ASLR protection mechanism by predicting the address of the top of the stack, related to the randomize_stack_top function in fs/binfmt_elf.c and the stack_maxrandom_size function in arch/x86/mm/mmap.c. | Medium | Mar 18, 2015 |
| CVE-2015-1594 | Untrusted search path vulnerability in Siemens SIMATIC ProSave before 13 SP1; SIMATIC CFC before 8.0 SP4 Upd9 and 8.1 before Upd1; SIMATIC STEP 7 before 5.5 SP1 HF2, 5.5 SP2 before HF7, 5.5 SP3, and 5.5 SP4 before HF4; SIMOTION Scout before 4.4; and STARTER before 4.4 HF3 allows local users to gain privileges via a Trojan horse application file.<a href=http://cwe.mitre.org/data/definitions/426.html>CWE-426: Untrusted Search Path</a> | Medium | Mar 9, 2015 |
| CVE-2015-1595 | The Siemens SPCanywhere application for Android and iOS does not use encryption during lookups of system ID to IP address mappings, which allows man-in-the-middle attackers to discover alarm IP addresses and spoof servers by intercepting the client-server data stream. | Medium | Mar 9, 2015 |
| CVE-2015-1596 | The Siemens SPCanywhere application for Android and iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | Medium | Mar 9, 2015 |
| CVE-2015-1597 | The Siemens SPCanywhere application for Android does not use encryption during the loading of code, which allows man-in-the-middle attackers to execute arbitrary code by modifying the client-server data stream. | Medium | Mar 9, 2015 |
| CVE-2015-1601 | Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 allows man-in-the-middle attackers to obtain sensitive information or modify transmitted data via unspecified vectors. | Medium | Apr 6, 2015 |
| CVE-2015-1603 | Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php. | Medium | Feb 20, 2015 |
| CVE-2015-1604 | Unrestricted file upload vulnerability in asys/site/files.php in Adminsystems CMS before 4.0.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in upload/files/. | Medium | Feb 20, 2015 |
| CVE-2015-1608 | Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not properly restrict access to database-connection strings, which allows attackers to read the cleartext version of sensitive credential and e-mail address information via unspecified vectors. | Medium | Feb 17, 2015 |
| CVE-2015-1609 | MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers to cause a denial of service via a crafted UTF-8 string in a BSON request. | Medium | Apr 1, 2015 |
| CVE-2015-1613 | RhodeCode before 2.2.7 allows remote authenticated users to obtain API keys and other sensitive information via the (1) update_repo, (2) get_locks, or (3) get_user_groups API method. | Medium | Feb 17, 2015 |
| CVE-2015-1614 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the (1) image_metadata_cruncher[alt] or (2) image_metadata_cruncher[caption] parameter in an update action in the image_metadata_cruncher_title page to wp-admin/options.php or (3) custom image meta tag to the image metadata cruncher page. | Medium | Feb 20, 2015 |
| CVE-2015-1616 | SQL injection vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated ePO users to execute arbitrary SQL commands via unspecified vectors. | Medium | Feb 18, 2015 |
| CVE-2015-1618 | The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL. | Medium | Feb 18, 2015 |
| CVE-2015-1627 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability. | Medium | Mar 11, 2015 |
| CVE-2015-1628 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted X-OWA-Canary cookie in an AD.RecipientType.User action, aka OWA Modified Canary Parameter Cross Site Scripting Vulnerability. | Medium | Mar 11, 2015 |
| CVE-2015-1629 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka ExchangeDLP Cross Site Scripting Vulnerability. | Medium | Mar 11, 2015 |
| CVE-2015-1630 | Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Audit Report Cross Site Scripting Vulnerability. | Medium | Mar 11, 2015 |
| CVE-2015-1631 | Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to spoof meeting organizers via unspecified vectors, aka Exchange Forged Meeting Request Spoofing Vulnerability. | Medium | Mar 11, 2015 |
| CVE-2015-1632 | Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via the msgParam parameter in an authError action, aka Exchange Error Message Cross Site Scripting Vulnerability. | Medium | Mar 11, 2015 |
| CVE-2015-1637 | Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the FREAK issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067. | Medium | Mar 12, 2015 |
| CVE-2015-1638 | Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows Server 2012 R2 does not properly handle logoff actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation, aka Active Directory Federation Services Information Disclosure Vulnerability. | MEDIUM | Apr 14, 2015 |
| CVE-2015-1639 | Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac 2011 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Microsoft Outlook App for Mac XSS Vulnerability. | MEDIUM | Apr 14, 2015 |
| CVE-2015-1640 | Cross-site scripting (XSS) vulnerability in Microsoft Project Server 2010 SP2 and 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka Microsoft SharePoint XSS Vulnerability. | MEDIUM | Apr 14, 2015 |
| CVE-2015-1646 | Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted DTD, aka MSXML3 Same Origin Policy SFB Vulnerability. | MEDIUM | Apr 14, 2015 |
| CVE-2015-1653 | Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka Microsoft SharePoint XSS Vulnerability. | MEDIUM | Apr 14, 2015 |
| CVE-2015-1661 | Microsoft Internet Explorer 6 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka Internet Explorer ASLR Bypass Vulnerability. | MEDIUM | Apr 14, 2015 |
| CVE-2015-1670 | The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a crafted OpenType font on a web site, aka OpenType Font Parsing Vulnerability. | Medium | May 14, 2015 |
| CVE-2015-1672 | Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an XML document, aka .NET XML Decryption Denial of Service Vulnerability.<a href=https://cwe.mitre.org/data/definitions/674.html>CWE-674: Uncontrolled Recursion</a> | Medium | May 15, 2015 |
| CVE-2015-1684 | VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka VBScript ASLR Bypass. | Medium | May 14, 2015 |
| CVE-2015-1685 | Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka Internet Explorer ASLR Bypass. | Medium | May 13, 2015 |
| CVE-2015-1686 | The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka VBScript and JScript ASLR Bypass. | Medium | May 14, 2015 |
| CVE-2015-1688 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability. | Medium | May 13, 2015 |
| CVE-2015-1692 | Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka Internet Explorer Clipboard Information Disclosure Vulnerability. | Medium | May 13, 2015 |
| CVE-2015-1700 | Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka Microsoft SharePoint Page Content Vulnerabilities. | Medium | May 14, 2015 |
| CVE-2015-1702 | The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka Service Control Manager Elevation of Privilege Vulnerability. | Medium | May 13, 2015 |
| CVE-2015-1703 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-1704. | Medium | May 13, 2015 |
| CVE-2015-1704 | Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-1703. | Medium | May 13, 2015 |
| CVE-2015-1713 | Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability. | Medium | May 14, 2015 |
| CVE-2015-1716 | Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict Diffie-Hellman Ephemeral (DHE) key lengths, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via unspecified vectors, aka Schannel Information Disclosure Vulnerability. | Medium | May 14, 2015 |
| CVE-2015-1729 | Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka Internet Explorer Information Disclosure Vulnerability. | MEDIUM | Jul 14, 2015 |
| CVE-2015-1739 | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability. | Medium | Jun 10, 2015 |
| CVE-2015-1743 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-1748. | Medium | Jun 10, 2015 |
| CVE-2015-1748 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka Internet Explorer Elevation of Privilege Vulnerability, a different vulnerability than CVE-2015-1743. | Medium | Jun 10, 2015 |
| CVE-2015-1757 | Cross-site scripting (XSS) vulnerability in adfs/ls in Active Directory Federation Services (AD FS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 allows remote attackers to inject arbitrary web script or HTML via the wct parameter, aka ADFS XSS Elevation of Privilege Vulnerability. | Medium | Jun 10, 2015 |
| CVE-2015-1758 | Untrusted search path vulnerability in the LoadLibrary function in the kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, aka Windows LoadLibrary EoP Vulnerability.CWE-426: Untrusted Search Path https://cwe.mitre.org/data/definitions/426.html | Medium | Jun 10, 2015 |
| CVE-2015-1761 | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 uses an incorrect class during casts of unspecified pointers, which allows remote authenticated users to gain privileges by leveraging certain write access, aka SQL Server Elevation of Privilege Vulnerability. | MEDIUM | Jul 14, 2015 |
| CVE-2015-1764 | The web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allow remote attackers to bypass the Same Origin Policy and send HTTP traffic to intranet servers via a crafted request, related to a Server-Side Request Forgery (SSRF) issue, aka Exchange Server-Side Request Forgery Vulnerability. | Medium | Jun 10, 2015 |
| CVE-2015-1765 | Microsoft Internet Explorer 9 through 11 allows remote attackers to read the browser history via a crafted web site. | Medium | Jun 10, 2015 |
| CVE-2015-1771 | Cross-site request forgery (CSRF) vulnerability in the web applications in Microsoft Exchange Server 2013 SP1 and Cumulative Update 8 allows remote attackers to hijack the authentication of arbitrary users, aka Exchange Cross-Site Request Forgery Vulnerability. | Medium | Jun 10, 2015 |
