CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
6.0%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5698 | high | — | 7.5 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified… | |||
| CVE-2015-4555 | high | — | 7.5 | 11y ago | Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows … | |||
| CVE-2015-4498 | high | — | 7.5 | 11y ago | The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a craft… | |||
| CVE-2015-5432 | high | — | 7.5 | 11y ago | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or m… | |||
| CVE-2015-5429 | high | — | 7.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-… | |||
| CVE-2015-5428 | high | — | 7.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-… | |||
| CVE-2015-5427 | high | — | 7.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-… | |||
| CVE-2015-5404 | high | — | 7.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via u… | |||
| CVE-2015-5409 | high | — | 7.5 | 11y ago | Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||
| CVE-2015-5424 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. | |||
| CVE-2015-5423 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. | |||
| CVE-2015-5422 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. | |||
| CVE-2015-5421 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. | |||
| CVE-2015-5420 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. | |||
| CVE-2015-5419 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. | |||
| CVE-2015-5418 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. | |||
| CVE-2015-5417 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. | |||
| CVE-2015-5416 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. | |||
| CVE-2015-6659 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | |||
| CVE-2015-6525 | high | — | 7.5 | 11y ago | Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspec… | |||
| CVE-2015-4535 | high | — | 7.5 | 11y ago | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote a… | |||
| CVE-2015-0536 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are ena… | |||
| CVE-2015-0535 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remot… | |||
| CVE-2015-0534 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce cert… | |||
| CVE-2015-0533 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger… | |||
| CVE-2015-5621 | high | 7.5 | 7.5 | 11y ago | The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote at… | |||
| CVE-2015-6519 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php. | |||
| CVE-2015-5504 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5502 | high | — | 7.5 | 11y ago | The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspeci… | |||
| CVE-2015-5501 | high | — | 7.5 | 11y ago | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to writ… | |||
| CVE-2015-4426 | high | — | 7.5 | 11y ago | SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | |||
| CVE-2015-6513 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_… | |||
| CVE-2015-5681 | high | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extensi… | |||
| CVE-2015-5599 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name paramet… | |||
| CVE-2015-5779 | high | — | 7.5 | 11y ago | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulne… | |||
| CVE-2015-5776 | high | — | 7.5 | 11y ago | Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of… | |||
| CVE-2015-5775 | high | — | 7.5 | 11y ago | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon… | |||
| CVE-2015-5750 | high | — | 7.5 | 11y ago | Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode ch… | |||
| CVE-2015-3804 | high | — | 7.5 | 11y ago | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon… | |||
| CVE-2015-3798 | high | — | 7.5 | 11y ago | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application … | |||
| CVE-2015-3797 | high | — | 7.5 | 11y ago | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application … | |||
| CVE-2015-3796 | high | — | 7.5 | 11y ago | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application … | |||
| CVE-2015-3783 | high | — | 7.5 | 11y ago | SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2015-3773 | high | — | 7.5 | 11y ago | The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2015-4492 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a Sh… | |||
| CVE-2015-4489 | high | — | 7.5 | 11y ago | The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possib… | |||
| CVE-2015-4488 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified im… | |||
| CVE-2015-4487 | high | — | 7.5 | 11y ago | The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corrup… | |||
| CVE-2015-4475 | high | — | 7.5 | 11y ago | The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute … | |||
| CVE-2015-5685 | high | — | 7.5 | 11y ago | The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | |||
| CVE-2015-2059 | high | — | 7.5 | 11y ago | The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 c… | |||
| CVE-2015-1867 | high | — | 7.5 | 11y ago | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | |||
| CVE-2015-4634 | high | — | 7.5 | 11y ago | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||
| CVE-2015-1818 | high | — | 7.5 | 11y ago | XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote att… | |||
| CVE-2015-5618 | high | — | 7.5 | 11y ago | Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice… | |||
| CVE-2015-2871 | high | — | 7.5 | 11y ago | Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different … | |||
| CVE-2015-2979 | high | — | 7.5 | 11y ago | Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-2977 | high | — | 7.5 | 11y ago | Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | |||
| CVE-2015-1289 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1284 | high | — | 7.5 | 11y ago | The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows … | |||
| CVE-2015-1280 | high | — | 7.5 | 11y ago | SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by levera… | |||
| CVE-2015-1279 | high | — | 7.5 | 11y ago | Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (h… | |||
| CVE-2015-1277 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by… | |||
| CVE-2015-1272 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l… | |||
| CVE-2015-4554 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire… | |||
| CVE-2015-5378 | high | 7.5 | 7.5 | 11y ago | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | |||
| CVE-2015-2972 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1831 | high | — | 7.5 | 11y ago | Incomplete exclude pattern in Apache Struts | |||
| CVE-2015-4745 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-4727 | high | — | 7.5 | 11y ago | Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Cons… | |||
| CVE-2015-2663 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confide… | |||
| CVE-2015-2636 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-2606 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2605 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2604 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2603 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2602 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-4446 | high | — | 7.5 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-3279 | high | — | 7.5 | 11y ago | Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line si… | |||
| CVE-2015-3258 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execut… | |||
| CVE-2015-1560 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the isUserAdmin function in include/common/common-Func.php in Centreon (formerly Merethis Centreon) 2.5.4 and earlier (fixed in Centreon web 2.7.0) allows remote attack… | |||
| CVE-2015-1793 | medium | 6.5 | 7.5 | 11y ago | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative … | |||
| CVE-2015-3126 | high | — | 7.5 | 11y ago | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Ad… | |||
| CVE-2015-5380 | high | — | 7.5 | 11y ago | The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that th… | |||
| CVE-2015-4614 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in includes/Function.php in the Easy2Map plugin before 1.2.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the mapName parameter in… | |||
| CVE-2015-5457 | high | — | 7.5 | 11y ago | PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as de… | |||
| CVE-2015-5453 | medium | — | 7.5 | 11y ago | Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | |||
| CVE-2015-5452 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before build 150522 allows remote attackers to execute arbitrary SQL commands via the sid cookie, as demonstrated by a request to borderpost… | |||
| CVE-2015-2866 | high | — | 7.5 | 11y ago | SQL injection vulnerability on the Grandstream GXV3611_HD camera with firmware before 1.0.3.9 beta allows remote attackers to execute arbitrary SQL commands by attempting to establish a TELNET sessio… | |||
| CVE-2015-2849 | high | — | 7.5 | 11y ago | SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attacker… | |||
| CVE-2015-4648 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitra… | |||
| CVE-2015-2743 | high | — | 7.5 | 11y ago | PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary … | |||
| CVE-2015-2728 | high | — | 7.5 | 11y ago | The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as… | |||
| CVE-2015-3717 | high | — | 7.5 | 11y ago | Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2015-3674 | high | — | 7.5 | 11y ago | afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-1916 | high | 7.5 | 7.5 | 11y ago | Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. | |||
| CVE-2015-5353 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the tab parameter to admin/. | |||
| CVE-2015-5148 | high | — | 7.5 | 11y ago | SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search. | |||
| CVE-2015-5068 | high | — | 7.5 | 11y ago | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security … | |||
| CVE-2015-5067 | high | — | 7.5 | 11y ago | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes … |