CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4464 | critical | 9.8 | 9.8 | 9y ago | Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | |||
| CVE-2015-0575 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | |||
| CVE-2015-0574 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. | |||
| CVE-2015-1817 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-3616 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | |||
| CVE-2015-7894 | high | 8.8 | 9.8 | 9y ago | The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process… | |||
| CVE-2015-6816 | critical | 9.8 | 9.8 | 9y ago | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | |||
| CVE-2015-2311 | critical | 9.8 | 9.8 | 9y ago | Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execut… | |||
| CVE-2015-0786 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecif… | |||
| CVE-2015-0782 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2015-0781 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecif… | |||
| CVE-2015-0780 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via… | |||
| CVE-2015-6941 | critical | 9.8 | 9.8 | 9y ago | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | |||
| CVE-2015-7853 | critical | 9.8 | 9.8 | 9y ago | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative… | |||
| CVE-2015-7705 | critical | 9.8 | 9.8 | 9y ago | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |||
| CVE-2015-5244 | critical | 9.8 | 9.8 | 9y ago | The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||
| CVE-2015-9107 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key o… | |||
| CVE-2015-2560 | critical | 9.8 | 9.8 | 9y ago | Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||
| CVE-2015-1174 | critical | 9.8 | 9.8 | 9y ago | Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. | |||
| CVE-2015-3278 | critical | 9.8 | 9.8 | 9y ago | The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impa… | |||
| CVE-2015-8009 | critical | 9.8 | 9.8 | 9y ago | The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the … | |||
| CVE-2015-2280 | high | 8.8 | 9.8 | 9y ago | snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands v… | |||
| CVE-2015-3886 | critical | 9.8 | 9.8 | 9y ago | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-1778 | critical | 9.8 | 9.8 | 9y ago | Opendaylight will authenticate any username and password combination | |||
| CVE-2015-7326 | critical | 9.8 | 9.8 | 9y ago | XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | |||
| CVE-2015-5473 | critical | 9.8 | 9.8 | 9y ago | Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addD… | |||
| CVE-2015-9059 | critical | 9.8 | 9.8 | 9y ago | picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. | |||
| CVE-2015-8257 | high | 8.8 | 9.8 | 9y ago | The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_… | |||
| CVE-2015-7569 | high | 8.8 | 9.8 | 9y ago | SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter. | |||
| CVE-2015-0104 | high | 8.8 | 9.8 | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… | |||
| CVE-2015-6568 | high | 8.8 | 9.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" … | |||
| CVE-2015-6567 | high | 8.8 | 9.8 | 9y ago | Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exp… | |||
| CVE-2015-8284 | high | 8.8 | 9.8 | 9y ago | SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions. | |||
| CVE-2015-8271 | critical | 9.8 | 9.8 | 9y ago | The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. | |||
| CVE-2015-6674 | critical | 9.8 | 9.8 | 9y ago | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplet… | |||
| CVE-2015-7563 | high | 8.8 | 9.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user. | |||
| CVE-2015-7893 | high | 8.8 | 9.8 | 9y ago | SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. | |||
| CVE-2015-7826 | critical | 9.8 | 9.8 | 9y ago | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by acc… | |||
| CVE-2015-8255 | high | 8.8 | 9.8 | 9y ago | AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi. | |||
| CVE-2015-7292 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have uns… | |||
| CVE-2015-7273 | critical | 9.8 | 9.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||
| CVE-2015-7272 | critical | 9.8 | 9.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via … | |||
| CVE-2015-7271 | critical | 9.8 | 9.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. | |||
| CVE-2015-7264 | critical | 9.8 | 9.8 | 9y ago | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | |||
| CVE-2015-2888 | critical | 9.8 | 9.8 | 9y ago | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. | |||
| CVE-2015-2887 | critical | 9.8 | 9.8 | 9y ago | iBaby M3S has a password of admin for the backdoor admin account. | |||
| CVE-2015-2885 | critical | 9.8 | 9.8 | 9y ago | Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||
| CVE-2015-2882 | critical | 9.8 | 9.8 | 9y ago | Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a passwo… | |||
| CVE-2015-2881 | critical | 9.8 | 9.8 | 9y ago | Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||
| CVE-2015-8965 | critical | 9.8 | 9.8 | 9y ago | Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue e… | |||
| CVE-2015-8626 | critical | 9.8 | 9.8 | 9y ago | The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which ma… | |||
| CVE-2015-5729 | critical | 9.8 | 9.8 | 9y ago | The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain … | |||
| CVE-2015-4166 | critical | 9.8 | 9.8 | 9y ago | Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | |||
| CVE-2015-0855 | critical | 9.8 | 9.8 | 9y ago | The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | |||
| CVE-2015-8954 | critical | 9.8 | 9.8 | 9y ago | The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafte… | |||
| CVE-2015-3884 | high | 8.8 | 9.8 | 9y ago | Unrestricted file upload vulnerability in the (1) myAccount, (2) projects, (3) tasks, (4) tickets, (5) discussions, (6) reports, and (7) scheduler pages in qdPM 8.3 allows remote attackers to execute… | |||
| CVE-2015-8981 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. | |||
| CVE-2015-8771 | critical | 9.8 | 9.8 | 9y ago | The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | |||
| CVE-2015-8768 | critical | 9.8 | 9.8 | 9y ago | click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges… | |||
| CVE-2015-8608 | critical | 9.8 | 9.8 | 9y ago | The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive lette… | |||
| CVE-2015-8972 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large inp… | |||
| CVE-2015-8212 | critical | 9.8 | 9.8 | 10y ago | CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware pr… | |||
| CVE-2015-3188 | critical | 9.8 | 9.8 | 10y ago | Apache Storm remote code execution vulnerability | |||
| CVE-2015-4593 | high | 8.8 | 9.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content a… | |||
| CVE-2015-4592 | high | 8.8 | 9.8 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as… | |||
| CVE-2015-2868 | critical | 9.8 | 9.8 | 10y ago | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II… | |||
| CVE-2015-2867 | critical | 9.8 | 9.8 | 10y ago | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | |||
| CVE-2015-3210 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)… | |||
| CVE-2015-1000011 | critical | 9.8 | 9.8 | 10y ago | Blind SQL Injection in wordpress plugin dukapress v2.5.9 | |||
| CVE-2015-1000003 | critical | 9.8 | 9.8 | 10y ago | Blind SQL Injection in filedownload v1.4 wordpress plugin | |||
| CVE-2015-1000001 | critical | 9.8 | 9.8 | 10y ago | Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||
| CVE-2015-1000000 | critical | 9.8 | 9.8 | 10y ago | Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||
| CVE-2015-8871 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-5721 | critical | 9.8 | 9.8 | 10y ago | Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_… | |||
| CVE-2015-5719 | critical | 9.8 | 9.8 | 10y ago | app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact a… | |||
| CVE-2015-8949 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. | |||
| CVE-2015-0573 | critical | 9.8 | 9.8 | 10y ago | drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows at… | |||
| CVE-2015-7029 | critical | 9.8 | 9.8 | 10y ago | Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi… | |||
| CVE-2015-7988 | critical | 9.8 | 9.8 | 10y ago | The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vecto… | |||
| CVE-2015-7987 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueFor… | |||
| CVE-2015-7695 | critical | 9.8 | 9.8 | 10y ago | Zend Framework SQL injection vector using null byte for PDO | |||
| CVE-2015-8880 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. | |||
| CVE-2015-8876 | critical | 9.8 | 9.8 | 10y ago | Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL… | |||
| CVE-2015-8835 | critical | 9.8 | 9.8 | 10y ago | The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a… | |||
| CVE-2015-5589 | critical | 9.8 | 9.8 | 10y ago | The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows… | |||
| CVE-2015-4643 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply t… | |||
| CVE-2015-4642 | critical | 9.8 | 9.8 | 10y ago | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted… | |||
| CVE-2015-4603 | critical | 9.8 | 9.8 | 10y ago | The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpecte… | |||
| CVE-2015-4602 | critical | 9.8 | 9.8 | 10y ago | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2015-4601 | critical | 9.8 | 9.8 | 10y ago | PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1… | |||
| CVE-2015-4600 | critical | 9.8 | 9.8 | 10y ago | The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary … | |||
| CVE-2015-4599 | critical | 9.8 | 9.8 | 10y ago | The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of servic… | |||
| CVE-2015-4116 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a f… | |||
| CVE-2015-6552 | critical | 9.8 | 9.8 | 10y ago | The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.… | |||
| CVE-2015-6550 | critical | 9.8 | 9.8 | 10y ago | bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through… | |||
| CVE-2015-8863 | critical | 9.8 | 9.8 | 10y ago | Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. | |||
| CVE-2015-0857 | critical | 9.8 | 9.8 | 10y ago | Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||
| CVE-2015-8812 | critical | 9.8 | 9.8 | 10y ago | drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2015-8779 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possib… | |||
| CVE-2015-8778 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the s… |