CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8995 | high | 7.8 | 7.8 | 9y ago | In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-9004 | high | 7.8 | 7.8 | 9y ago | kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_even… | |||
| CVE-2015-8110 | high | 7.8 | 7.8 | 9y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by navigating to (1) "Click here to learn more" or (2) "View privacy policy" within t… | |||
| CVE-2015-8107 | high | 7.8 | 7.8 | 9y ago | Format string vulnerability in GNU a2ps 4.14 allows remote attackers to execute arbitrary code. | |||
| CVE-2015-7270 | high | 7.8 | 7.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows directory traversal. | |||
| CVE-2015-7260 | high | 7.8 | 7.8 | 9y ago | Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain privileges by replacing the LiebertM executable file. | |||
| CVE-2015-8026 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in the verify_vbr_checksum function in exfatfsck in exfat-utils before 1.2.1 allows remote attackers to cause a denial of service (infinite loop) or possibly execute arbitr… | |||
| CVE-2015-8971 | high | 7.8 | 7.8 | 10y ago | Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. | |||
| CVE-2015-0854 | high | 7.8 | 7.8 | 10y ago | App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action. | |||
| CVE-2015-8967 | high | 7.8 | 7.8 | 10y ago | arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileg… | |||
| CVE-2015-8966 | high | 7.8 | 7.8 | 10y ago | arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 allows local users to gain privileges via a crafted (1) F_OFD_GETLK, (2) F_OFD_SETLK, or (3) F_OFD_SETLKW command in an fcntl64 system… | |||
| CVE-2015-8961 | high | 7.8 | 7.8 | 10y ago | The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel before 4.3.3 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging improper acc… | |||
| CVE-2015-3288 | high | 7.8 | 7.8 | 10y ago | mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that trigge… | |||
| CVE-2015-8951 | high | 7.8 | 7.8 | 10y ago | Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attack… | |||
| CVE-2015-1000013 | high | 7.8 | 7.8 | 10y ago | Remote file upload vulnerability in wordpress plugin csv2wpec-coupon v1.1 | |||
| CVE-2015-8931 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impa… | |||
| CVE-2015-0568 | high | 7.8 | 7.8 | 10y ago | Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Andro… | |||
| CVE-2015-8943 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, whic… | |||
| CVE-2015-8942 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain … | |||
| CVE-2015-8941 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which all… | |||
| CVE-2015-8940 | high | 7.8 | 7.8 | 10y ago | Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android… | |||
| CVE-2015-8939 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain … | |||
| CVE-2015-8938 | high | 7.8 | 7.8 | 10y ago | The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted applicatio… | |||
| CVE-2015-8937 | high | 7.8 | 7.8 | 10y ago | drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges vi… | |||
| CVE-2015-8892 | high | 7.8 | 7.8 | 10y ago | platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with traili… | |||
| CVE-2015-8891 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a cr… | |||
| CVE-2015-8890 | high | 7.8 | 7.8 | 10y ago | platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows … | |||
| CVE-2015-8889 | high | 7.8 | 7.8 | 10y ago | The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android inter… | |||
| CVE-2015-8888 | high | 7.8 | 7.8 | 10y ago | Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and … | |||
| CVE-2015-5723 | high | 7.8 | 7.8 | 10y ago | Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before 1.4.2, Common before 2.4.3 and 2.5.x before 2.5.1, ORM before 2.4.8 or 2.5.x before 2.5.1, MongoDB ODM before 1.0.2, and MongoDB… | |||
| CVE-2015-5260 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host v… | |||
| CVE-2015-5228 | high | 7.8 | 7.8 | 10y ago | The service daemon in CRIU creates log and dump files insecurely, which allows local users to create arbitrary files and take ownership of existing files via unspecified vectors related to a director… | |||
| CVE-2015-8875 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in the (1) pixops_composite_nearest, (2) pixops_composite_color_nearest, and (3) pixops_process functions in pixops/pixops.c in gdk-pixbuf before 2.33.1 allow remote attack… | |||
| CVE-2015-8156 | high | 7.8 | 7.8 | 10y ago | Unquoted Windows search path vulnerability in EEDService in Symantec Endpoint Encryption (SEE) 11.x before 11.1.1 allows local users to gain privileges via a Trojan horse executable file in the %SYST… | |||
| CVE-2015-8312 | high | 7.8 | 7.8 | 10y ago | Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow local users to cause a denial of service (memory overwrite and system crash) via a pioctl with an input buffer size of 4096 bytes. | |||
| CVE-2015-0571 | high | 7.8 | 7.8 | 10y ago | The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for … | |||
| CVE-2015-0570 | high | 7.8 | 7.8 | 10y ago | Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in wlan_hdd_hostapd.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) … | |||
| CVE-2015-8868 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the ExponentialFunction::ExponentialFunction function in Poppler before 0.40.0 allows remote attackers to cause a denial of service (memory corruption and crash) or poss… | |||
| CVE-2015-8830 | high | 7.8 | 7.8 | 10y ago | Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO … | |||
| CVE-2015-8019 | high | 7.8 | 7.8 | 10y ago | The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c in the Linux kernel 3.14.54 and 3.18.22 does not accept a length argument, which allows local users to cause a denial of service (… | |||
| CVE-2015-2686 | high | 7.8 | 7.8 | 10y ago | net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate certain range data for (1) sendto and (2) recvfrom system calls, which allows local users to gain privileges by leveraging a subs… | |||
| CVE-2015-8325 | high | 7.8 | 7.8 | 10y ago | The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows loc… | |||
| CVE-2015-8106 | high | 7.8 | 7.8 | 10y ago | Format string vulnerability in the CmdKeywords function in funct1.c in latex2rtf before 2.3.10 allows remote attackers to execute arbitrary code via format string specifiers in the \keywords command … | |||
| CVE-2015-7552 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the gdk_pixbuf_flip function in gdk-pixbuf-scale.c in gdk-pixbuf 2.30.x allows remote attackers to cause a denial of service or possibly execute arbitrary code via a cra… | |||
| CVE-2015-8620 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the Avast virtualization driver (aswSnx.sys) in Avast Internet Security, Pro Antivirus, Premier, and Free Antivirus before 11.1.2253 allows local users to gain privilege… | |||
| CVE-2015-8304 | high | 7.8 | 7.8 | 10y ago | Integer overflow in Huawei P7 phones with software before P7-L07 V100R001C01B606 allows remote attackers to gain privileges via a crafted application with the system or camera permission. | |||
| CVE-2015-5349 | high | 7.8 | 7.8 | 10y ago | Apache Directory Studio Command Injection | |||
| CVE-2015-8681 | high | 7.8 | 7.8 | 10y ago | The ovisp driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-UL1… | |||
| CVE-2015-8680 | high | 7.8 | 7.8 | 10y ago | The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-… | |||
| CVE-2015-8319 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before… | |||
| CVE-2015-8318 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before… | |||
| CVE-2015-8307 | high | 7.8 | 7.8 | 10y ago | The Graphics driver in Huawei P8 smartphones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230, and GRA-… | |||
| CVE-2015-8150 | high | 7.8 | 7.8 | 10y ago | Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows local users to obtain root access by modifying a batch file. | |||
| CVE-2015-8539 | high | 7.8 | 7.8 | 11y ago | The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to se… | |||
| CVE-2015-8306 | high | 7.8 | 7.8 | 11y ago | Buffer overflow in the HIFI driver in Huawei P8 phones with software GRA-TL00 before GRA-TL00C01B230, GRA-CL00 before GRA-CL00C92B230, GRA-CL10 before GRA-CL10C92B230, GRA-UL00 before GRA-UL00C00B230… | |||
| CVE-2015-6980 | high | 7.8 | 7.8 | 11y ago | Directory Utility in Apple OS X before 10.11.1 mishandles authentication for new sessions, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-7362 | high | 7.8 | 7.8 | 11y ago | Fortinet FortiClient Linux SSLVPN before build 2313, when installed on Linux in a home directory that is world readable and executable, allows local users to gain privileges via the helper/subroc set… | |||
| CVE-2015-6856 | high | 7.8 | 7.8 | 11y ago | Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x0022201c IOCTL call. | |||
| CVE-2015-6647 | high | 7.8 | 7.8 | 11y ago | The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka i… | |||
| CVE-2015-6640 | high | 7.8 | 7.8 | 11y ago | The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows at… | |||
| CVE-2015-6638 | high | 7.8 | 7.8 | 11y ago | The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. | |||
| CVE-2015-6637 | high | 7.8 | 7.8 | 11y ago | The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | |||
| CVE-2015-6859 | high | 7.8 | 7.8 | 11y ago | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6860. | |||
| CVE-2015-7489 | high | 7.8 | 7.8 | 11y ago | IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses weak permissions (Everyone: Write) for Python scripts, which allows local users to gain privileges by modifying a script. | |||
| CVE-2015-8341 | high | — | 7.8 | 11y ago | The libxl toolstack library in Xen 4.1.x through 4.6.x does not properly release mappings of files used as kernels and initial ramdisks when managing multiple domains in the same process, which allow… | |||
| CVE-2015-6849 | high | — | 7.8 | 11y ago | EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before 8.2.2.2, and 9.0 before build 407 allows remote attackers to cause a denial of service (process outage) via malformed RPC authenticati… | |||
| CVE-2015-6391 | high | — | 7.8 | 11y ago | Cisco Unified SIP 3905 phones allow remote attackers to cause a denial of service (resource consumption and functionality loss) via a large amount of network traffic, aka Bug ID CSCuh51331. | |||
| CVE-2015-8330 | high | — | 7.8 | 11y ago | The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers to cause a denial of service (memory corruption and agent crash) via crafted xMII requests, aka SAP Security Note 2238619. | |||
| CVE-2015-6377 | high | — | 7.8 | 11y ago | Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote attackers to cause a denial of service (CPU and memory consumption, and TCP port outage) via a flood of crafted TCP packets, aka Bu… | |||
| CVE-2015-8083 | high | — | 7.8 | 11y ago | An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout… | |||
| CVE-2015-7910 | high | — | 7.8 | 11y ago | Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this head… | |||
| CVE-2015-7419 | high | — | 7.8 | 11y ago | IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows remote attackers to cause a denial of service (memory consumption) via crafted requests. | |||
| CVE-2015-6367 | high | — | 7.8 | 11y ago | Cisco Aironet 1800 devices with software 8.1(131.0) allow remote attackers to cause a denial of service (CPU consumption) by improperly establishing many SSHv2 connections, aka Bug ID CSCux13374. | |||
| CVE-2015-7662 | high | — | 7.8 | 11y ago | Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on Windows and OS X and before 11.2.202.548 on Linux, Adobe AIR before 19.0.0.241, Adobe AIR SDK before 19.0.0.241, and Adobe AIR SDK &… | |||
| CVE-2015-6292 | high | — | 7.8 | 11y ago | The proxy-cache implementation in Cisco AsyncOS 8.0.x before 8.0.7-151, 8.1.x and 8.5.x before 8.5.2-004, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WS… | |||
| CVE-2015-6321 | high | — | 7.8 | 11y ago | Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-042 on Email Security Appliance (ESA) devices; before 9.1.0-032, 9.1.1 before 9.1.1-005,… | |||
| CVE-2015-6293 | high | — | 7.8 | 11y ago | Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, 8.6.x and 8.7.x before 8.7.0-171-LD, and 8.8.x before 8.8.0-085 on Web Security Appliance (WSA) devices allows remote attackers t… | |||
| CVE-2015-6291 | high | — | 7.8 | 11y ago | Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and 9.6.x before 9.6.0-046 on Email Security Appliance (ESA) devices mishandles malformed fields during body-contains, attachment-conta… | |||
| CVE-2015-5470 | high | — | 7.8 | 11y ago | The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a d… | |||
| CVE-2015-6327 | high | — | 7.8 | 11y ago | The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 be… | |||
| CVE-2015-6326 | high | — | 7.8 | 11y ago | Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.… | |||
| CVE-2015-4717 | high | — | 7.8 | 11y ago | The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote … | |||
| CVE-2015-7752 | high | — | 7.8 | 11y ago | The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R8, 13.2X51 before 13.2… | |||
| CVE-2015-7749 | high | — | 7.8 | 11y ago | The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service via an unspecified connection request to the "host-OS." | |||
| CVE-2015-7686 | high | — | 7.8 | 11y ago | Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and earlier for Perl allows remote attackers to cause a denial of service (CPU consumption) via a crafted string c… | |||
| CVE-2015-3938 | high | — | 7.8 | 11y ago | The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices before April 2015 allows remote attackers to cause a denial of service (device outage) via a long parameter. | |||
| CVE-2015-4546 | high | — | 7.8 | 11y ago | Directory traversal vulnerability in EMC RSA OneStep 6.9 before build 559, as used in RSA Certificate Manager and RSA Registration Manager through 6.9 build 558 and other products, allows remote atta… | |||
| CVE-2015-6279 | high | — | 7.8 | 11y ago | The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E… | |||
| CVE-2015-6278 | high | — | 7.8 | 11y ago | The IPv6 snooping functionality in the first-hop security subsystem in Cisco IOS 12.2, 15.0, 15.1, 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.2SE, 3.3SE, 3.3XO, 3.4SG, 3.5E, and 3.6E before 3.6.3E; 3.7E… | |||
| CVE-2015-6282 | high | — | 7.8 | 11y ago | Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS before 3.13.3S, and 3.14.xS through 3.15.xS before 3.15.1S allows remote attackers to cause a denial of service (device reload) via IP… | |||
| CVE-2015-5993 | high | — | 7.8 | 11y ago | Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to ca… | |||
| CVE-2015-6284 | high | — | 7.8 | 11y ago | Buffer overflow in the Conference Control Protocol API implementation in Cisco TelePresence Server software before 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devic… | |||
| CVE-2015-6973 | high | — | 7.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a pass… | |||
| CVE-2015-5472 | high | — | 7.8 | 11y ago | Absolute path traversal vulnerability in lib/download.php in the IBS Mappro plugin before 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter. | |||
| CVE-2015-1943 | high | — | 7.8 | 11y ago | IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial… | |||
| CVE-2015-5997 | high | — | 7.8 | 11y ago | Impero Education Pro before 5105 uses a hardcoded CBC key and initialization vector derived from a hash of the Imp3ro string, which makes it easier for remote attackers to obtain plaintext data by sn… | |||
| CVE-2015-6914 | high | — | 7.8 | 11y ago | Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows remote attackers to read arbitrary files via a full pathname in the file parameter to assets/download.aspx. | |||
| CVE-2015-5722 | high | — | 7.8 | 11y ago | buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (assertion failure and daemon exit) by creating a zone containing a … | |||
| CVE-2015-6812 | high | — | 7.8 | 11y ago | Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.0.12.1 allows remote attackers to cause a denial of service (loop and memory consumption) via a cr… | |||
| CVE-2015-6272 | high | — | 7.8 | 11y ago | Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) vi… |