CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7212 | high | — | 7.5 | 11y ago | Integer overflow in the mozilla::layers::BufferTextureClient::AllocateForSurface function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary … | |||
| CVE-2015-7210 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allows remote attackers to execute arbitrary code by triggering attempted use of a data channel that has b… | |||
| CVE-2015-8125 | high | — | 7.5 | 11y ago | Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7.7 might allow remote attackers to have unspecified impact via a timing attack involving the (1) Symfony/Component/Security/Http/… | |||
| CVE-2015-3276 | high | 7.5 | 7.5 | 11y ago | The nss_parse_ciphers function in libraries/libldap/tls_m.c in OpenLDAP does not properly parse OpenSSL-style multi-keyword mode cipher strings, which might cause a weaker than intended cipher to be … | |||
| CVE-2015-3194 | high | 7.5 | 7.5 | 11y ago | crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before 1.0.2e allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an RSA PSS ASN.… | |||
| CVE-2015-3193 | high | 7.5 | 7.5 | 11y ago | The Montgomery squaring implementation in crypto/bn/asm/x86_64-mont5.pl in OpenSSL 1.0.2 before 1.0.2e on the x86_64 platform, as used by the BN_mod_exp function, mishandles carry propagation and pro… | |||
| CVE-2015-8479 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the AudioOutputDevice::OnDeviceAuthorized function in media/audio/audio_output_device.cc in Google Chrome before 47.0.2526.73 allows attackers to cause a denial of ser… | |||
| CVE-2015-8478 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknow… | |||
| CVE-2015-6781 | high | — | 7.5 | 11y ago | Integer overflow in the FontData::Bound function in data/font_data.cc in Google sfntly, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service or possibly … | |||
| CVE-2015-6778 | high | — | 7.5 | 11y ago | The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, allows remote attackers to cause a denial of service (out-of-bounds memory a… | |||
| CVE-2015-6777 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the ContainerNode::notifyNodeInsertedInternal function in WebKit/Source/core/dom/ContainerNode.cpp in the DOM implementation in Google Chrome before 47.0.2526.73 allow… | |||
| CVE-2015-6775 | high | — | 7.5 | 11y ago | fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified… | |||
| CVE-2015-6774 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the GetLoadTimes function in renderer/loadtimes_extension_bindings.cc in the Extensions implementation in Google Chrome before 47.0.2526.73 allows remote attackers to … | |||
| CVE-2015-6773 | high | — | 7.5 | 11y ago | The convolution implementation in Skia, as used in Google Chrome before 47.0.2526.73, does not properly constrain row lengths, which allows remote attackers to cause a denial of service (out-of-bound… | |||
| CVE-2015-6772 | high | — | 7.5 | 11y ago | The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass … | |||
| CVE-2015-6771 | high | — | 7.5 | 11y ago | js/array.js in Google V8, as used in Google Chrome before 47.0.2526.73, improperly implements certain map and filter operations for arrays, which allows remote attackers to cause a denial of service … | |||
| CVE-2015-6770 | high | — | 7.5 | 11y ago | The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768. | |||
| CVE-2015-6769 | high | — | 7.5 | 11y ago | The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveragin… | |||
| CVE-2015-6768 | high | — | 7.5 | 11y ago | The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6770. | |||
| CVE-2015-6767 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in content/browser/appcache/appcache_dispatcher_host.cc in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers to cause a denial of s… | |||
| CVE-2015-6766 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the AppCache implementation in Google Chrome before 47.0.2526.73 allows remote attackers with renderer access to cause a denial of service or possibly have unspecified… | |||
| CVE-2015-8078 | high | — | 7.5 | 11y ago | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks… | |||
| CVE-2015-8077 | high | — | 7.5 | 11y ago | Integer overflow in the index_urlfetch function in imap/index.c in Cyrus IMAP 2.3.19, 2.4.18, and 2.5.6 allows remote attackers to have unspecified impact via vectors related to urlfetch range checks… | |||
| CVE-2015-8076 | high | — | 7.5 | 11y ago | The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before 2.3.19, 2.4.x before 2.4.18, 2.5.x before 2.5.4 allows remote attackers to obtain sensitive information or possibly have unspecified … | |||
| CVE-2015-0860 | high | — | 7.5 | 11y ago | Off-by-one error in the extracthalf function in dpkg-deb/extract.c in the dpkg-deb component in Debian dpkg 1.16.x before 1.16.17 and 1.17.x before 1.17.26 allows remote attackers to execute arbitrar… | |||
| CVE-2015-0859 | high | — | 7.5 | 11y ago | The Debian build procedure for the smokeping package in wheezy before 2.6.8-2+deb7u1 and jessie before 2.6.9-1+deb8u1 does not properly configure the way Apache httpd passes arguments to smokeping_cg… | |||
| CVE-2015-8395 | high | — | 7.5 | 11y ago | PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated … | |||
| CVE-2015-8393 | high | 7.5 | 7.5 | 11y ago | pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sen… | |||
| CVE-2015-8392 | high | — | 7.5 | 11y ago | PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified … | |||
| CVE-2015-8388 | high | — | 7.5 | 11y ago | PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overf… | |||
| CVE-2015-8385 | high | — | 7.5 | 11y ago | PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or po… | |||
| CVE-2015-8384 | high | — | 7.5 | 11y ago | PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflo… | |||
| CVE-2015-8381 | high | — | 7.5 | 11y ago | The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'… | |||
| CVE-2015-8380 | high | — | 7.5 | 11y ago | The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibl… | |||
| CVE-2015-2328 | high | — | 7.5 | 11y ago | PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have… | |||
| CVE-2015-2327 | high | — | 7.5 | 11y ago | PCRE before 8.36 mishandles the /(((a\2)|(a*)\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segme… | |||
| CVE-2015-5325 | high | — | 7.5 | 11y ago | Jenkins allows Bypass of Access Restrictions | |||
| CVE-2015-7287 | high | — | 7.5 | 11y ago | CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use the same 001984 default PIN across different customers' installations, which allows remote attackers to execute commands by lever… | |||
| CVE-2015-7036 | high | — | 7.5 | 11y ago | The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via … | |||
| CVE-2015-8220 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline… | |||
| CVE-2015-8219 | high | — | 7.5 | 11y ago | The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a de… | |||
| CVE-2015-8217 | high | — | 7.5 | 11y ago | The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds … | |||
| CVE-2015-8216 | high | — | 7.5 | 11y ago | The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg before 2.8.2 omits certain width and height checks, which allows remote attackers to cause a denial of service (out-of-bounds arr… | |||
| CVE-2015-7816 | high | — | 7.5 | 11y ago | The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) … | |||
| CVE-2015-7815 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter. | |||
| CVE-2015-8126 | high | — | 7.5 | 11y ago | Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x … | |||
| CVE-2015-7905 | high | — | 7.5 | 11y ago | Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors. | |||
| CVE-2015-6554 | high | — | 7.5 | 11y ago | Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data. | |||
| CVE-2015-1302 | high | — | 7.5 | 11y ago | The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended em… | |||
| CVE-2015-7994 | high | — | 7.5 | 11y ago | The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428. | |||
| CVE-2015-7993 | high | — | 7.5 | 11y ago | The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Logi… | |||
| CVE-2015-2213 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the wp_untrash_post_comments function in wp-includes/post.php in WordPress before 4.2.4 allows remote attackers to execute arbitrary SQL commands via a comment that is … | |||
| CVE-2015-4963 | high | — | 7.5 | 11y ago | IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before 8.0.1.3 mishandles WebSEAL HTTPTransformation requests, which allows remote attackers to read or write to arbitrary files via un… | |||
| CVE-2015-8082 | high | — | 7.5 | 11y ago | The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly load the user_logout function, which allows remote attackers to bypass the logout protection me… | |||
| CVE-2015-6855 | high | 7.5 | 7.5 | 11y ago | hw/ide/core.c in QEMU does not properly restrict the commands accepted by an ATAPI device, which allows guest users to cause a denial of service or possibly have unspecified other impact via certain … | |||
| CVE-2015-7200 | high | — | 7.5 | 11y ago | The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related … | |||
| CVE-2015-7199 | high | — | 7.5 | 11y ago | The (1) AddWeightedPathSegLists and (2) SVGPathSegListSMILType::Interpolate functions in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lack status checking, which allows remote attacke… | |||
| CVE-2015-7198 | high | — | 7.5 | 11y ago | Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, allows remote attackers to cause a denial of service (memory corru… | |||
| CVE-2015-7194 | high | — | 7.5 | 11y ago | Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code … | |||
| CVE-2015-7193 | high | — | 7.5 | 11y ago | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 improperly follow the CORS cross-origin request algorithm for the POST method in situations involving an unspecified Content-Type header m… | |||
| CVE-2015-7192 | high | — | 7.5 | 11y ago | The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (a… | |||
| CVE-2015-7188 | high | — | 7.5 | 11y ago | Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to bypass the Same Origin Policy for an IP address origin, and conduct cross-site scripting (XSS) attacks, by appen… | |||
| CVE-2015-7183 | high | — | 7.5 | 11y ago | Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape Portable Runtime (NSPR) in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox be… | |||
| CVE-2015-7181 | high | — | 7.5 | 11y ago | The sec_asn1d_parse_leaf function in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 and other produc… | |||
| CVE-2015-4514 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-4513 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2015-7244 | high | — | 7.5 | 11y ago | The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does not require authentication for X11 connections, which allows remote attacke… | |||
| CVE-2015-6867 | high | — | 7.5 | 11y ago | The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not require authentication, which allows remote attackers to execute arbitrary commands via a crafted packet, aka ZDI-CAN-2914. | |||
| CVE-2015-5308 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3… | |||
| CVE-2015-3230 | high | — | 7.5 | 11y ago | 389 Directory Server (formerly Fedora Directory Server) before 1.3.3.12 does not enforce the nsSSL3Ciphers preference when creating an sslSocket, which allows remote attackers to have unspecified imp… | |||
| CVE-2015-6006 | high | — | 7.5 | 11y ago | The AddUserFinding implementation in Medicomp MEDCIN Engine 2.22.20153.x before 2.22.20153.226 might allow remote attackers to execute arbitrary code or cause a denial of service (integer truncation … | |||
| CVE-2015-5668 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5040 | high | — | 7.5 | 11y ago | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash)… | |||
| CVE-2015-4994 | high | — | 7.5 | 11y ago | Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 IF10 and 9.x before 9.0.1 FP4 IF3 allows remote attackers to execute arbitrary code or cause a denial of service (SMTP daemon crash)… | |||
| CVE-2015-7904 | medium | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary JSP code via vectors invol… | |||
| CVE-2015-7903 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-7901 | medium | — | 7.5 | 11y ago | Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote authenticated users to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-3971 | high | — | 7.5 | 11y ago | The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices does not require authentication, which allows remote attackers to read or write to files, or execute arbitrary JASIC code, via a… | |||
| CVE-2015-3968 | high | — | 7.5 | 11y ago | The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has a default password, which makes it easier for remote attackers to read or write to files via a session on TCP port 21. | |||
| CVE-2015-6500 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in ownCloud Server before 8.0.6 and 8.1.x before 8.1.1 allows remote authenticated users to list directory contents and possibly cause a denial of service (CPU consu… | |||
| CVE-2015-7035 | high | — | 7.5 | 11y ago | Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors. | |||
| CVE-2015-7030 | high | — | 7.5 | 11y ago | The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors. | |||
| CVE-2015-7017 | high | — | 7.5 | 11y ago | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font f… | |||
| CVE-2015-6992 | high | — | 7.5 | 11y ago | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font f… | |||
| CVE-2015-6975 | high | — | 7.5 | 11y ago | CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes before 12.3.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font f… | |||
| CVE-2015-4795 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and avail… | |||
| CVE-2015-7299 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. | |||
| CVE-2015-7876 | high | — | 7.5 | 11y ago | The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver for SQL Server and SQL Azure 7.x-1.x before 7.x-1.4 does not properly escape certain characters, which allows remote attackers to… | |||
| CVE-2015-6845 | high | — | 7.5 | 11y ago | EMC SourceOne Email Supervisor before 7.2 does not properly employ random values for session IDs, which makes it easier for remote attackers to obtain access by guessing an ID. | |||
| CVE-2015-1814 | high | — | 7.5 | 11y ago | Jenkins allows for Privilege Escalation by Remote Authenticated Users | |||
| CVE-2015-7840 | high | — | 7.5 | 11y ago | The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. | |||
| CVE-2015-7839 | high | — | 7.5 | 11y ago | SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the tracerout… | |||
| CVE-2015-7834 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via unknow… | |||
| CVE-2015-6762 | high | — | 7.5 | 11y ago | The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the… | |||
| CVE-2015-6760 | high | — | 7.5 | 11y ago | The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote attack… | |||
| CVE-2015-6757 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a … | |||
| CVE-2015-6755 | high | — | 7.5 | 11y ago | The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent… | |||
| CVE-2015-6713 | high | — | 7.5 | 11y ago | The Function call implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader D… | |||
| CVE-2015-7372 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in delivery-dev/al.php in Revive Adserver before 3.2.2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the layerstyle para… | |||
| CVE-2015-7369 | high | — | 7.5 | 11y ago | The default Flash cross-domain policy (crossdomain.xml) in Revive Adserver before 3.2.2 does not restrict access cross domain access, which allows remote attackers to conduct cross domain attacks via… |