CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4704 | high | 7.5 | 7.5 | 9y ago | Directory traversal vulnerability in the Download Zip Attachments plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the File parameter to download.php. | |||
| CVE-2015-4054 | high | 7.5 | 7.5 | 9y ago | PgBouncer before 1.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by sending a password packet before a startup packet. | |||
| CVE-2015-1529 | high | 7.5 | 7.5 | 9y ago | Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android allows attacks to cause a denial of service via unspecified vectors. | |||
| CVE-2015-5436 | high | 7.5 | 7.5 | 9y ago | A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotel… | |||
| CVE-2015-1522 | high | 7.5 | 7.5 | 9y ago | analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer ov… | |||
| CVE-2015-1521 | high | 7.5 | 7.5 | 9y ago | analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly handle zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-… | |||
| CVE-2015-8619 | high | 7.5 | 7.5 | 9y ago | The Human Monitor Interface support in QEMU allows remote attackers to cause a denial of service (out-of-bounds write and application crash). | |||
| CVE-2015-4646 | high | 7.5 | 7.5 | 9y ago | (1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) unsquash-4.c in Squashfs and sasquatch allow remote attackers to cause a denial of service (application crash) via a crafted input. | |||
| CVE-2015-8270 | high | 7.5 | 7.5 | 9y ago | The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to cause a denial of service (invalid pointer dereference and process crash). | |||
| CVE-2015-7825 | high | 7.5 | 7.5 | 9y ago | botan before 1.11.22 improperly validates certificate paths, which allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a certificate with a loop in the cer… | |||
| CVE-2015-7824 | high | 7.5 | 7.5 | 9y ago | botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites. | |||
| CVE-2015-8378 | high | 7.5 | 7.5 | 9y ago | In KeePassX before 0.4.4, a cleartext copy of password data is created upon a cancel of an XML export action. This allows context-dependent attackers to obtain sensitive information by reading the .x… | |||
| CVE-2015-7265 | high | 7.5 | 7.5 | 9y ago | Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request state, which allows remote attackers to conduct hijacking attacks and bypass ACL checks. | |||
| CVE-2015-7263 | high | 7.5 | 7.5 | 9y ago | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote attackers to conduct hijacking attacks and bypass ACL checks via a crafted host value. | |||
| CVE-2015-2886 | high | 7.5 | 7.5 | 9y ago | iBaby M6 allows remote attackers to obtain sensitive information, related to the ibabycloud.com service. | |||
| CVE-2015-2884 | high | 7.5 | 7.5 | 9y ago | Philips In.Sight B120/37 allows remote attackers to obtain sensitive information via a direct request, related to yoics.net URLs, stream.m3u8 URIs, and cam_service_enable.cgi. | |||
| CVE-2015-4680 | high | 7.5 | 7.5 | 9y ago | FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly check revocation of intermediate CA certificates. | |||
| CVE-2015-1612 | high | 7.5 | 7.5 | 9y ago | OpenFlow plugin for OpenDaylight LLDP Relay | |||
| CVE-2015-1611 | high | 7.5 | 7.5 | 9y ago | OpenFlow plugin for OpenDaylight allows spoofing the SDN topology | |||
| CVE-2015-7844 | high | 7.5 | 7.5 | 9y ago | Huawei FusionAccess with software V100R005C10,V100R005C20 could allow attackers to craft and send a malformed HDP protocol packet to cause the virtual cloud desktop to be displaying an error and not … | |||
| CVE-2015-4556 | high | 7.5 | 7.5 | 9y ago | The string-translate* procedure in the data-structures unit in CHICKEN before 4.10.0 allows remote attackers to cause a denial of service (crash). | |||
| CVE-2015-8625 | high | 7.5 | 7.5 | 9y ago | MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read… | |||
| CVE-2015-3881 | high | 7.5 | 7.5 | 9y ago | Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qd… | |||
| CVE-2015-8895 | high | 7.5 | 7.5 | 9y ago | Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflo… | |||
| CVE-2015-8990 | high | 7.5 | 7.5 | 9y ago | Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | |||
| CVE-2015-2330 | high | 7.5 | 7.5 | 9y ago | Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||
| CVE-2015-8994 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a n… | |||
| CVE-2015-4057 | high | 7.5 | 7.5 | 9y ago | The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover th… | |||
| CVE-2015-8979 | high | 7.5 | 7.5 | 9y ago | Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long … | |||
| CVE-2015-8544 | high | 7.5 | 7.5 | 10y ago | NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-8977 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||
| CVE-2015-7979 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a bro… | |||
| CVE-2015-7978 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction… | |||
| CVE-2015-8860 | high | 7.5 | 7.5 | 10y ago | The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||
| CVE-2015-8858 | high | 7.5 | 7.5 | 10y ago | The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | |||
| CVE-2015-8855 | high | 7.5 | 7.5 | 10y ago | The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||
| CVE-2015-8854 | high | 7.5 | 7.5 | 10y ago | The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline r… | |||
| CVE-2015-8315 | high | 7.5 | 7.5 | 10y ago | The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||
| CVE-2015-4626 | high | 7.5 | 7.5 | 10y ago | B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. | |||
| CVE-2015-6574 | high | 7.5 | 7.5 | 10y ago | The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. | |||
| CVE-2015-3418 | high | 7.5 | 7.5 | 10y ago | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutI… | |||
| CVE-2015-3217 | high | 7.5 | 7.5 | 10y ago | PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expr… | |||
| CVE-2015-8978 | high | 7.5 | 7.5 | 10y ago | In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with th… | |||
| CVE-2015-5162 | high | 7.5 | 7.5 | 10y ago | The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attack… | |||
| CVE-2015-1000012 | high | 7.5 | 7.5 | 10y ago | Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | |||
| CVE-2015-1000010 | high | 7.5 | 7.5 | 10y ago | Remote file download in simple-image-manipulator v1.0 wordpress plugin | |||
| CVE-2015-1000007 | high | 7.5 | 7.5 | 10y ago | Remote file download vulnerability in wptf-image-gallery v1.03 | |||
| CVE-2015-1000006 | high | 7.5 | 7.5 | 10y ago | Remote file download vulnerability in recent-backups v0.7 wordpress plugin | |||
| CVE-2015-1000005 | high | 7.5 | 7.5 | 10y ago | Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | |||
| CVE-2015-6393 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) v… | |||
| CVE-2015-6392 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted I… | |||
| CVE-2015-8930 | high | 7.5 | 7.5 | 10y ago | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. | |||
| CVE-2015-8921 | high | 7.5 | 7.5 | 10y ago | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | |||
| CVE-2015-8919 | high | 7.5 | 7.5 | 10y ago | The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) … | |||
| CVE-2015-8918 | high | 7.5 | 7.5 | 10y ago | The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | |||
| CVE-2015-8917 | high | 7.5 | 7.5 | 10y ago | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | |||
| CVE-2015-8948 | high | 7.5 | 7.5 | 10y ago | idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | |||
| CVE-2015-8022 | high | 7.5 | 7.5 | 10y ago | The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; B… | |||
| CVE-2015-3854 | high | 7.5 | 7.5 | 10y ago | packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.sto… | |||
| CVE-2015-5738 | high | 7.5 | 7.5 | 10y ago | The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for rem… | |||
| CVE-2015-1977 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.4… | |||
| CVE-2015-0899 | high | 7.5 | 7.5 | 10y ago | Improper Input Validation in Apache Struts | |||
| CVE-2015-8899 | high | 7.5 | 7.5 | 10y ago | Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | |||
| CVE-2015-6289 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka… | |||
| CVE-2015-8289 | high | 7.5 | 7.5 | 10y ago | The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator pass… | |||
| CVE-2015-8268 | high | 7.5 | 7.5 | 10y ago | The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-8806 | high | 7.5 | 7.5 | 10y ago | Denial of service or RCE from libxml2 and libxslt | |||
| CVE-2015-8853 | high | 7.5 | 7.5 | 10y ago | The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 … | |||
| CVE-2015-8879 | high | 7.5 | 7.5 | 10y ago | The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application cra… | |||
| CVE-2015-8877 | high | 7.5 | 7.5 | 10y ago | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows … | |||
| CVE-2015-8867 | high | 7.5 | 7.5 | 10y ago | The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, w… | |||
| CVE-2015-7558 | high | 7.5 | 7.5 | 10y ago | librsvg DoS via Cyclic References | |||
| CVE-2015-7557 | high | 7.5 | 7.5 | 10y ago | The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elemen… | |||
| CVE-2015-8874 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. | |||
| CVE-2015-8873 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) … | |||
| CVE-2015-6838 | high | 7.5 | 7.5 | 10y ago | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility o… | |||
| CVE-2015-6837 | high | 7.5 | 7.5 | 10y ago | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility o… | |||
| CVE-2015-4644 | high | 7.5 | 7.5 | 10y ago | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table nam… | |||
| CVE-2015-4605 | high | 7.5 | 7.5 | 10y ago | The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, … | |||
| CVE-2015-4604 | high | 7.5 | 7.5 | 10y ago | The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relatio… | |||
| CVE-2015-7827 | high | 7.5 | 7.5 | 10y ago | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | |||
| CVE-2015-5727 | high | 7.5 | 7.5 | 10y ago | The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||
| CVE-2015-5726 | high | 7.5 | 7.5 | 10y ago | The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||
| CVE-2015-8746 | high | 7.5 | 7.5 | 10y ago | fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of servic… | |||
| CVE-2015-8852 | high | 7.5 | 7.5 | 10y ago | Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated… | |||
| CVE-2015-6360 | high | 7.5 | 7.5 | 10y ago | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. | |||
| CVE-2015-5271 | high | 7.5 | 7.5 | 10y ago | The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline w… | |||
| CVE-2015-8676 | high | 7.5 | 7.5 | 10y ago | Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C… | |||
| CVE-2015-8554 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a s… | |||
| CVE-2015-3146 | high | 7.5 | 7.5 | 10y ago | The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (… | |||
| CVE-2015-8080 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to ca… | |||
| CVE-2015-5303 | high | 7.5 | 7.5 | 10y ago | The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the… | |||
| CVE-2015-8240 | high | 7.5 | 7.5 | 10y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 a… | |||
| CVE-2015-5229 | high | 7.5 | 7.5 | 10y ago | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of s… | |||
| CVE-2015-6313 | high | 7.5 | 7.5 | 10y ago | Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cau… | |||
| CVE-2015-6312 | high | 7.5 | 7.5 | 10y ago | Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device… | |||
| CVE-2015-8523 | high | 7.5 | 7.5 | 10y ago | The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | |||
| CVE-2015-6260 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) vi… | |||
| CVE-2015-0718 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload… | |||
| CVE-2015-7262 | high | 7.5 | 7.5 | 10y ago | QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for th… |