The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2015-6873 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6872 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6871 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6869 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6868 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6866 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6865 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6839 | The parse function in MSA vot.Ar 3.1 does not check whether a candidate receives more than one vote, which allows physically proximate attackers to cast multiple votes for a candidate via a crafted RFID ballot tag. | LOW | Oct 23, 2017 |
| CVE-2015-6835 | The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.<a href=http://cwe.mitre.org/data/definitions/416.html>CWE-416: Use After Free</a> | High | May 18, 2016 |
| CVE-2015-6834 | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.<a href=http://cwe.mitre.org/data/definitions/502.html>CWE-502: Deserialization of Untrusted Data</a> | High | May 17, 2016 |
| CVE-2015-6817 | PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | MEDIUM | May 23, 2017 |
| CVE-2015-6816 | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | HIGH | Aug 9, 2017 |
| CVE-2015-6815 | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of service (infinite loop and guest crash) via unspecified vectors. | LOW | Feb 11, 2020 |
| CVE-2015-6748 | Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. | MEDIUM | Sep 25, 2017 |
| CVE-2015-6674 | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplete fix of CVE-2012-1836. | High | Apr 20, 2017 |
| CVE-2015-6673 | Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | HIGH | Sep 20, 2017 |
| CVE-2015-6671 | Open edX edx-platform before 2015-08-25 requires use of the database for storage of SAML SSO secrets, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging access to a database backup. | Medium | Mar 15, 2017 |
| CVE-2015-6668 | The Job Manager plugin before 0.7.25 allows remote attackers to read arbitrary CV files via a brute force attack to the WordPress upload directory structure, related to an insecure direct object reference. | MEDIUM | Oct 19, 2017 |
| CVE-2015-6666 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6653 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6652 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6651 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6650 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6649 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6607 | SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows attackers to gain privileges via a crafted application, aka internal bug 20099586. | Medium | Oct 7, 2015 |
| CVE-2015-6593 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6593. Reason: This candidate is a duplicate of CVE-2014-6593. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2014-6593 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2015-6592 | Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require authentication to the serial port or the VxWorks shell. | HIGH | Sep 25, 2017 |
| CVE-2015-6591 | Directory traversal vulnerability in application/templates/amelia/loadjs.php in Free Reprintables ArticleFR 3.0.7 and earlier allows local users to read arbitrary files via the s parameter. | LOW | Jan 16, 2020 |
| CVE-2015-6589 | Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx. | MEDIUM | Feb 13, 2020 |
| CVE-2015-6588 | Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX Revolution before 1.9.1 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. | Medium | Sep 2, 2017 |
| CVE-2015-6586 | The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with software before V200R006C00SPC100 allows remote attackers to obtain sensitive information by leveraging failure to restrict processing of mDNS unicast queries to the link local network. | MEDIUM | May 23, 2017 |
| CVE-2015-6585 | hwpapp.dll in Hangul Word Processor allows remote attackers to execute arbitrary code via a crafted heap spray, and by leveraging a type confusion via an HWPX file containing a crafted para text tag. | MEDIUM | Jul 25, 2017 |
| CVE-2015-6576 | Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers with access to the Bamboo web interface to execute arbitrary Java code via an unspecified resource. | MEDIUM | Oct 2, 2017 |
| CVE-2015-6574 | The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. | High | Dec 22, 2016 |
| CVE-2015-6569 | Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state manipulation attack. | MEDIUM | Feb 21, 2018 |
| CVE-2015-6568 | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to .php after originally using the parameter filename for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality. | Medium | Apr 21, 2017 |
| CVE-2015-6567 | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter filename properly. Exploitation requires a registered user who has access to upload functionality. | Medium | Apr 21, 2017 |
| CVE-2015-6553 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn. Further investigation showed that it was not a security issue in customer-controlled software. Notes: none | -- | Nov 7, 2023 |
| CVE-2015-6544 | Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. | MEDIUM | Feb 20, 2018 |
| CVE-2015-6542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3403. Reason: This candidate is a reservation duplicate of CVE-2016-3403. Notes: All CVE users should reference CVE-2016-3403 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 |
| CVE-2015-6540 | Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | MEDIUM | Jun 7, 2017 |
| CVE-2015-6531 | Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 might allow remote attackers to execute arbitrary Python code via a crafted firmware image file. | High | Jun 8, 2017 |
| CVE-2015-6521 | Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS version 2.2. | LOW | Oct 10, 2017 |
| CVE-2015-6502 | Cross-site scripting (XSS) vulnerability in the console in Puppet Enterprise before 2015.2.1 allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. | -- | Dec 11, 2017 |
| CVE-2015-6501 | Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. | Medium | Jan 17, 2017 |
| CVE-2015-6498 | Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 allows remote attackers to spoof and make calls as target devices. | MEDIUM | Aug 9, 2017 |
| CVE-2015-6497 | The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2.php in Magento Community Edition (CE) before 1.9.2.1 and Enterprise Edition (EE) before 1.14.2.1, when used with PHP before 5.4.24 or 5.5.8, allows remote authenticated users to execute arbitrary PHP code via the productData parameter to index.php/api/v2_soap. | MEDIUM | Jan 15, 2020 |
| CVE-2015-6495 | There is Sensitive Information in Cloudera Manager before 5.4.6 Diagnostic Support Bundles. | MEDIUM | Nov 26, 2019 |
| CVE-2015-6487 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none | -- | Nov 7, 2023 |
