Vulnerabilities > Microsoft > Windows > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-04-16 | CVE-2015-2572 | Local Security vulnerability in Oracle Hyperion Smart View for Office Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core. | 4.6 |
| 2015-04-14 | CVE-2015-3044 | Information Exposure vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | 5.0 |
| 2015-04-14 | CVE-2015-3040 | Information Exposure vulnerability in multiple products Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-0357. | 5.0 |
| 2015-04-14 | CVE-2015-2114 | 7PK - Security Features vulnerability in HP Support Solution Framework 11.51.0027 HP Support Solution Framework before 11.51.0049 allows remote attackers to download an arbitrary program onto a client machine and execute this program via unspecified vectors. | 6.8 |
| 2015-04-14 | CVE-2015-0357 | Information Exposure vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism via unspecified vectors, a different vulnerability than CVE-2015-3040. | 5.0 |
| 2015-03-13 | CVE-2015-0340 | File Upload Restriction Security Bypass vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass intended file-upload restrictions via unspecified vectors. | 5.0 |
| 2015-03-13 | CVE-2015-0337 | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | 5.0 |
| 2015-02-28 | CVE-2015-0884 | Unspecified vulnerability in Toshiba Bluetooth Stack and Service Station Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character. | 6.9 |
| 2015-02-25 | CVE-2015-0833 | DLL Loading Arbitrary Code Execution vulnerability in Mozilla Firefox Firefox ESR and Thunderbird Multiple untrusted search path vulnerabilities in updater.exe in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 on Windows, when the Maintenance Service is not used, allow local users to gain privileges via a Trojan horse DLL in (1) the current working directory or (2) a temporary directory, as demonstrated by bcrypt.dll. | 6.9 |
| 2015-02-09 | CVE-2015-1565 | Cross-site Scripting vulnerability in Hitachi products Cross-site scripting (XSS) vulnerability in the online help in Hitachi Device Manager, Tiered Storage Manager, Replication Manager, and Global Link Manager before 8.1.2-00, and Compute Systems Manager before 7.6.1-08 and 8.x before 8.1.2-00, as used in Hitachi Command Suite, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |