How severe is CVE-2015-2423?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2015-2423?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2015-2423

MEDIUM Year: 2015

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-200

View all →

Vulnerability Description

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Visio 2013 RT SP1, Word 2013 RT SP1, and Internet Explorer 7 through 11 allow remote attackers to gain privileges and obtain sensitive information via a crafted command-line parameter to an Office application or Notepad, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Unsafe Command Line Parameter Passing Vulnerability."

CVE-2024-32037

NONE

CVSS:0.0(None)

GeoNetwork is a catalog application to manage spatially referenced resources. In versions prior to 4.2.10 and 4.4.5, the search end-point response headers contain information about Elasticsearch softw...

CWE-2002024

CVE-2017-2320

CRITICAL

CVSS:10.0(Critical)

A vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unauthenticated, unprivileged, network-based attacker to cause various denials o...

CWE-2002017

CVE-2019-5016

CRITICAL

CVSS:10.0(Critical)

An exploitable arbitrary memory read vulnerability exists in the KCodes NetUSB.ko kernel module which enables the ReadySHARE Printer functionality of at least two NETGEAR Nighthawk Routers and potenti...

CWE-2002019

CVE-2020-13702

CRITICAL

CVSS:10.0(Critical)

The Rolling Proximity Identifier used in the Apple/Google Exposure Notification API beta through 2020-05-29 enables attackers to circumvent Bluetooth Smart Privacy because there is a secondary tempora...

CWE-2002020

CVE-2022-29165

CRITICAL

CVSS:10.0(Critical)

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. A critical vulnerability has been discovered in Argo CD starting with version 1.4.0 and prior to versions 2.1.15, 2.2.9, and 2...

CWE-2002022

CVE-2025-22612

CRITICAL

CVSS:10.0(Critical)

Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization allows an authenticated user to retrieve ...

CWE-2002025

CVE-2015-2423

Vulnerability Description

Related Vulnerabilities

CVE-2024-32037

CVE-2017-2320

CVE-2019-5016

CVE-2020-13702

CVE-2022-29165

CVE-2025-22612