CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1651 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft… | |||
| CVE-2015-1650 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on Share… | |||
| CVE-2015-1649 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, and Office… | |||
| CVE-2015-1645 | critical | — | 9.3 | 11y ago | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to execute arbitrary code via a crafted Enhanced Metafile (EMF) imag… | |||
| CVE-2015-2846 | critical | — | 9.3 | 11y ago | BitTorrent Sync allows remote attackers to execute arbitrary commands via a crafted btsync: link. | |||
| CVE-2015-0334 | critical | — | 9.3 | 11y ago | Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecifi… | |||
| CVE-2015-1061 | critical | — | 9.3 | 11y ago | IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confus… | |||
| CVE-2015-1634 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-1626 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-1625 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-1624 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-1623 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-1622 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2015-0100 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2015-0099 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0093 | critical | — | 9.3 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0092 | critical | — | 9.3 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0091 | critical | — | 9.3 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0090 | critical | — | 9.3 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0088 | critical | — | 9.3 | 11y ago | Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT G… | |||
| CVE-2015-0086 | critical | — | 9.3 | 11y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 Gold and SP1, Word 2013 RT Gold and SP1, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2… | |||
| CVE-2015-0085 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Office 2013 Gold an… | |||
| CVE-2015-0056 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0032 | critical | — | 9.3 | 11y ago | vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 8 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (mem… | |||
| CVE-2015-0068 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2015-0067 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup… | |||
| CVE-2015-0066 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0063 | critical | — | 9.3 | 12y ago | Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitr… | |||
| CVE-2015-0053 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup… | |||
| CVE-2015-0052 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2015-0049 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio… | |||
| CVE-2015-0048 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2015-0046 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0045 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrup… | |||
| CVE-2015-0044 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |||
| CVE-2015-0043 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0042 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0041 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0039 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2015-0038 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0037 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0036 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0035 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2015-0031 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0030 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0029 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |||
| CVE-2015-0028 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2015-0027 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti… | |||
| CVE-2015-0026 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0025 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0023 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0022 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0021 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0020 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0019 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruptio… | |||
| CVE-2015-0018 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-0017 | critical | — | 9.3 | 12y ago | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-0008 | high | — | 9.3 | 12y ago | The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows… | |||
| CVE-2015-0312 | critical | — | 9.3 | 12y ago | Double free vulnerability in Adobe Flash Player before 13.0.0.264 and 14.x through 16.x before 16.0.0.296 on Windows and OS X and before 11.2.202.440 on Linux allows attackers to execute arbitrary co… | |||
| CVE-2015-0437 | critical | — | 9.3 | 12y ago | Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||
| CVE-2015-0395 | critical | — | 9.3 | 12y ago | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||
| CVE-2015-0305 | critical | — | 9.3 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-8914 | critical | 9.1 | 9.1 | 4y ago | The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended ICMPv6-spoofing protection mechanism and consequently cause a denial of s… | |||
| CVE-2015-7544 | critical | 9.1 | 9.1 | 9y ago | redhat-support-plugin-rhev in Red Hat Enterprise Virtualization Manager (aka RHEV Manager) before 3.6 allows remote authenticated users with the SuperUser role on any Entity to execute arbitrary comm… | |||
| CVE-2015-4075 | high | 8.1 | 9.1 | 9y ago | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | |||
| CVE-2015-3314 | high | 8.1 | 9.1 | 9y ago | SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||
| CVE-2015-2310 | critical | 9.1 | 9.1 | 9y ago | Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows remote peers to cause a denial of service or possibly obtain sensitive information from memory v… | |||
| CVE-2015-1555 | critical | 9.1 | 9.1 | 9y ago | Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators. | |||
| CVE-2015-5609 | critical | 9.1 | 9.1 | 9y ago | Absolute path traversal vulnerability in the Image Export plugin 1.1 for WordPress allows remote attackers to read and delete arbitrary files via a full pathname in the file parameter to download.php. | |||
| CVE-2015-2947 | critical | 9.1 | 9.1 | 9y ago | KanColleViewer versions 3.8.1 and earlier operates as an open proxy which allows remote attackers to trigger outbound network traffic. | |||
| CVE-2015-5073 | critical | 9.1 | 9.1 | 10y ago | Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from hea… | |||
| CVE-2015-1000009 | critical | 9.1 | 9.1 | 10y ago | Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 | |||
| CVE-2015-1832 | critical | 9.1 | 9.1 | 10y ago | Improper Restriction of XML External Entity Reference in Apace Derby | |||
| CVE-2015-8869 | critical | 9.1 | 9.1 | 10y ago | OCaml before 4.03.0 does not properly handle sign extensions, which allows remote attackers to conduct buffer overflow attacks or obtain sensitive information as demonstrated by a long string to the … | |||
| CVE-2015-7611 | high | 8.1 | 9.1 | 10y ago | Apache James Server OS Command Injection | |||
| CVE-2015-5041 | critical | 9.1 | 9.1 | 10y ago | The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 R1 before SR8 FP20, 7 before SR9 FP30, and 7 R1 before SR3 FP30 allows remote attackers to obtain sensitive information or inject … | |||
| CVE-2015-8776 | critical | 9.1 | 9.1 | 10y ago | The strftime function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly obtain sensitive informatio… | |||
| CVE-2015-7921 | critical | 9.1 | 9.1 | 10y ago | The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, PFXEXEDLS before 4.05.000, and PFXEXGRPLS before 4.05.000 has hardcoded credentials, which makes it easier for re… | |||
| CVE-2015-6854 | critical | 9.1 | 9.1 | 10y ago | The non-Domino web agents in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, and R12.5 before CR5 allow remote attackers to cause a denial of serv… | |||
| CVE-2015-6853 | critical | 9.1 | 9.1 | 10y ago | The Domino web agent in CA Single Sign-On (aka SSO, formerly SiteMinder) R6, R12.0 before SP3 CR13, R12.0J before SP3 CR1.2, R12.5 before CR5, R12.51 before CR4, and R12.52 before SP1 CR3 allows remo… | |||
| CVE-2015-8151 | critical | 9.1 | 9.1 | 10y ago | Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote authenticated users to execute arbitrary OS commands by leveraging console administrator access. | |||
| CVE-2015-7547 | high | 8.1 | 9.1 | 10y ago | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den… | |||
| CVE-2015-8361 | critical | 9.1 | 9.1 | 11y ago | Multiple unspecified services in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 do not require authentication, which allows remote attackers to obtain sensitive information, modify settings, … | |||
| CVE-2015-8772 | critical | 9.1 | 9.1 | 11y ago | McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows local users to obtain sensitive information from kernel memory or cause a denial of service (system crash) via a large … | |||
| CVE-2015-8753 | critical | 9.1 | 9.1 | 11y ago | SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization checks and wipe or lock mobile devices via a crafted request, related to "Insecure signature," aka SAP Security Note 2134905. | |||
| CVE-2015-7911 | critical | 9.1 | 9.1 | 11y ago | Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, PCD3.Mxxx0, PCD7.D4xxD, PCD7.D4xxV, PCD7.D4xxWTPF, and PCD7.D4xxxT5F devices before 1.24.50 and PCD3.T665 and PCD3.T666 devices before 1.2… | |||
| CVE-2015-2142 | high | 8.0 | 9.0 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that caus… | |||
| CVE-2015-8356 | high | 8.0 | 9.0 | 9y ago | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to adm… | |||
| CVE-2015-7923 | critical | 9.0 | 9.0 | 11y ago | Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanism… | |||
| CVE-2015-7512 | critical | 9.0 | 9.0 | 11y ago | Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU, when a guest NIC has a larger MTU, allows remote attackers to cause a denial of service (guest OS crash) or execute arbitrary … | |||
| CVE-2015-8557 | critical | 9.0 | 9.0 | 11y ago | The FontManager._get_nix_font_path function in formatters/img.py in Pygments 1.2.2 through 2.0.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a font name. | |||
| CVE-2015-8761 | critical | 9.0 | 9.0 | 11y ago | The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly check permissions, which allows remote administrators with the "Import value sets" permission to execute arbitrary PHP code via t… | |||
| CVE-2015-6389 | critical | — | 9.0 | 11y ago | Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser account, which allows remote attackers to obtain access by establishing an SSH session and leveraging knowledge of this account'… | |||
| CVE-2015-7394 | critical | — | 9.0 | 11y ago | The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link Controller, and LTM 11.1.0 before 12.0.0, BIG-IP AAM 11.4.0 before 12.0.0, BIG-IP AFM, PEM 11.3.0 before 12.0.0, BIG-IP Edge Gateway,… | |||
| CVE-2015-6298 | critical | — | 9.0 | 11y ago | The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) device… | |||
| CVE-2015-7699 | critical | — | 9.0 | 11y ago | The files_external app in ownCloud Server before 7.0.9, 8.0.x before 8.0.7, and 8.1.x before 8.1.2 allows remote authenticated users to instantiate arbitrary classes and possibly execute arbitrary co… | |||
| CVE-2015-6335 | critical | — | 9.0 | 11y ago | The policy implementation in Cisco FireSIGHT Management Center 5.3.1.7, 5.4.0.4, and 6.0.0 for VMware allows remote authenticated administrators to bypass intended policy restrictions and execute Lin… | |||
| CVE-2015-4796 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, in… | |||
| CVE-2015-4794 | critical | — | 9.0 | 11y ago | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability … | |||
| CVE-2015-7698 | critical | — | 9.0 | 11y ago | icewind1991 SMB before 1.0.3 allows remote authenticated users to execute arbitrary SMB commands via shell metacharacters in the user argument in the (1) listShares function in Server.php or the (2) … |