CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-4487 | high | — | 7.5 | 11y ago | The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corrup… | |||
| CVE-2015-4475 | high | — | 7.5 | 11y ago | The mozilla::AudioSink function in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 mishandles inconsistent sample formats within MP3 audio data, which allows remote attackers to execute … | |||
| CVE-2015-5685 | high | — | 7.5 | 11y ago | The lazy_bdecode function in BitTorrent DHT bootstrap server (bootstrap-dht ) allows remote attackers to execute arbitrary code via a crafted packet, related to "improper indexing." | |||
| CVE-2015-2059 | high | — | 7.5 | 11y ago | The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 c… | |||
| CVE-2015-1867 | high | — | 7.5 | 11y ago | Pacemaker before 1.1.13 does not properly evaluate added nodes, which allows remote read-only users to gain privileges via an acl command. | |||
| CVE-2015-4634 | high | — | 7.5 | 11y ago | SQL injection vulnerability in graphs.php in Cacti before 0.8.8e allows remote attackers to execute arbitrary SQL commands via the local_graph_id parameter. | |||
| CVE-2015-1818 | high | — | 7.5 | 11y ago | XML external entity (XXE) vulnerability in the dashbuilder import facility (DocumentBuilders in org.jboss.dashboard.export.ImportManagerImpl) in Red Hat JBoss BPM Suite before 6.1.2 allows remote att… | |||
| CVE-2015-5618 | high | — | 7.5 | 11y ago | Chiyu BF-630 and BF-630W fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify (a) Voice Time Set configuration settings via a request to voice… | |||
| CVE-2015-2871 | high | — | 7.5 | 11y ago | Chiyu BF-660C fingerprint access-control devices allow remote attackers to bypass authentication and (1) read or (2) modify communication configuration settings via a request to net.htm, a different … | |||
| CVE-2015-2979 | high | — | 7.5 | 11y ago | Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-2977 | high | — | 7.5 | 11y ago | Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | |||
| CVE-2015-1289 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1284 | high | — | 7.5 | 11y ago | The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows … | |||
| CVE-2015-1280 | high | — | 7.5 | 11y ago | SkPictureShader.cpp in Skia, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by levera… | |||
| CVE-2015-1279 | high | — | 7.5 | 11y ago | Integer overflow in the CJBig2_Image::expand function in fxcodec/jbig2/JBig2_Image.cpp in PDFium, as used in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service (h… | |||
| CVE-2015-1277 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by… | |||
| CVE-2015-1272 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the GPU process implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by l… | |||
| CVE-2015-4554 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in TIBCO Spotfire Client and Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire… | |||
| CVE-2015-5378 | high | 7.5 | 7.5 | 11y ago | Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | |||
| CVE-2015-2972 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Sysphonic Thetis before 2.3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1831 | high | — | 7.5 | 11y ago | Incomplete exclude pattern in Apache Struts | |||
| CVE-2015-4745 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-4727 | high | — | 7.5 | 11y ago | Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Cons… | |||
| CVE-2015-2663 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confide… | |||
| CVE-2015-2636 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec… | |||
| CVE-2015-2606 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2605 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2604 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2603 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-2602 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, inte… | |||
| CVE-2015-4446 | high | — | 7.5 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 o… | |||
| CVE-2015-3279 | high | — | 7.5 | 11y ago | Integer overflow in filter/texttopdf.c in texttopdf in cups-filters before 1.0.71 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted line si… | |||
| CVE-2015-3258 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the WriteProlog function in filter/texttopdf.c in texttopdf in cups-filters before 1.0.70 allows remote attackers to cause a denial of service (crash) or possibly execut… | |||
| CVE-2015-1561 | medium | — | 7.5 | 11y ago | Centreon Command Injection | |||
| CVE-2015-1793 | medium | 6.5 | 7.5 | 11y ago | The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative … | |||
| CVE-2015-3126 | high | — | 7.5 | 11y ago | Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Ad… | |||
| CVE-2015-5380 | high | — | 7.5 | 11y ago | The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in Google V8, as used in Node.js before 0.12.6, io.js before 1.8.3 and 2.x before 2.3.3, and other products, does not verify that th… | |||
| CVE-2015-5457 | high | — | 7.5 | 11y ago | PivotX before 2.3.11 does not validate the new file extension when renaming a file with multiple extensions, which allows remote attackers to execute arbitrary code by uploading a crafted file, as de… | |||
| CVE-2015-5453 | medium | — | 7.5 | 11y ago | Watchguard XCS 9.2 and 10.0 before build 150522 allow remote authenticated users to execute arbitrary commands via shell metacharacters in the id parameter to ADMIN/mailqueue.spl. | |||
| CVE-2015-2849 | high | — | 7.5 | 11y ago | SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attacker… | |||
| CVE-2015-4648 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX control in ipropsapivideo in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allows remote attackers to execute arbitra… | |||
| CVE-2015-2743 | high | — | 7.5 | 11y ago | PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary … | |||
| CVE-2015-2728 | high | — | 7.5 | 11y ago | The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as… | |||
| CVE-2015-3717 | high | — | 7.5 | 11y ago | Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service… | |||
| CVE-2015-3674 | high | — | 7.5 | 11y ago | afpserver in Apple OS X before 10.10.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-1916 | high | 7.5 | 7.5 | 11y ago | Unspecified vulnerability in IBM Java 8 before SR1 allows remote attackers to cause a denial of service via unknown vectors related to SSL/TLS and the Secure Socket Extension provider. | |||
| CVE-2015-5068 | high | — | 7.5 | 11y ago | XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security … | |||
| CVE-2015-5067 | high | — | 7.5 | 11y ago | The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Notes … | |||
| CVE-2015-4208 | high | — | 7.5 | 11y ago | Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors i… | |||
| CVE-2015-4726 | high | — | 7.5 | 11y ago | PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config['basedir'] parameter. | |||
| CVE-2015-5147 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the header_anchor function in the HTML renderer in Redcarpet before 3.3.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via … | |||
| CVE-2015-4678 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Persian Car CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter to the default URI. | |||
| CVE-2015-4675 | high | — | 7.5 | 11y ago | Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted size value for the username field. | |||
| CVE-2015-4654 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the EQ Event Calendar component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to eqfullevent. | |||
| CVE-2015-4454 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id par… | |||
| CVE-2015-4342 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via unspecified vectors involving a cdef id. | |||
| CVE-2015-4607 | high | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in the Frontend User Upload (feupload) extension 0.5.0 and earlier for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an execu… | |||
| CVE-2015-4606 | high | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in the Job Fair (jobfair) extension before 1.0.1 for TYPO3, when using Apache with mod_mime, allows remote attackers to execute arbitrary code by uploading a fi… | |||
| CVE-2015-4118 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server par… | |||
| CVE-2015-3209 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_… | |||
| CVE-2015-2962 | high | — | 7.5 | 11y ago | CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via unspecified vectors. | |||
| CVE-2015-2956 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-2955 | high | — | 7.5 | 11y ago | Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-1789 | high | 7.5 | 7.5 | 11y ago | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote attackers to cause a denial of service … | |||
| CVE-2015-4147 | high | — | 7.5 | 11y ago | The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to… | |||
| CVE-2015-4026 | high | — | 7.5 | 11y ago | The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass i… | |||
| CVE-2015-4025 | high | — | 7.5 | 11y ago | PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extensio… | |||
| CVE-2015-4022 | high | — | 7.5 | 11y ago | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to… | |||
| CVE-2015-3329 | high | — | 7.5 | 11y ago | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary c… | |||
| CVE-2015-3307 | high | — | 7.5 | 11y ago | The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) o… | |||
| CVE-2015-4109 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or … | |||
| CVE-2015-3648 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the de… | |||
| CVE-2015-3200 | high | 7.5 | 7.5 | 11y ago | mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a N… | |||
| CVE-2015-2959 | high | — | 7.5 | 11y ago | Zoho NetFlow Analyzer build 10250 and earlier does not check for administrative authorization, which allows remote attackers to obtain sensitive information, modify passwords, or remove accounts by l… | |||
| CVE-2015-3905 | high | — | 7.5 | 11y ago | Buffer overflow in the set_cs_start function in t1disasm.c in t1utils before 1.39 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font f… | |||
| CVE-2015-2999 | medium | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 allow remote administrators to execute arbitrary SQL commands via the (1) groupFilter parameter in an AssetDetails report to /ge… | |||
| CVE-2015-2994 | medium | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid Help Desk before 15.2 allows remote administrators to execute arbitrary code by uploading a file with a .jsp extension, then access… | |||
| CVE-2015-4038 | medium | — | 7.5 | 11y ago | The WP Membership plugin 1.2.3 for WordPress allows remote authenticated users to gain administrator privileges via an iv_membership_update_user_settings action to wp-admin/admin-ajax.php. | |||
| CVE-2015-4161 | high | — | 7.5 | 11y ago | SAP Afaria does not properly restrict access to unspecified functionality, which allows remote attackers to obtain sensitive information, gain privileges, or have other unspecified impact via unknown… | |||
| CVE-2015-4160 | high | — | 7.5 | 11y ago | SQL injection vulnerability in SAP ASE Database Platform allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes: 2152278. | |||
| CVE-2015-4159 | high | — | 7.5 | 11y ago | SQL injection vulnerability in SAP HANA Web-based Development Workbench allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Notes 2153892. | |||
| CVE-2015-2282 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the LZC decompression implementation (CsObjectInt::CsDecomprLZC function in vpa106cslzc.cpp) in SAP MaxDB 7.5 and 7.6, Netweaver Application Server ABAP, Netweaver Appl… | |||
| CVE-2015-1937 | high | — | 7.5 | 11y ago | IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or w… | |||
| CVE-2015-0754 | high | — | 7.5 | 11y ago | Cisco Finesse 10.5(1) allows remote authenticated users to obtain sensitive information or cause a denial of service (CPU and memory consumption) via a crafted XML document, aka Bug ID CSCut95810. | |||
| CVE-2015-4066 | medium | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_arti… | |||
| CVE-2015-4064 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post pa… | |||
| CVE-2015-4062 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 paramet… | |||
| CVE-2015-0986 | high | — | 7.5 | 11y ago | Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus before 2.8 allow remote attackers to insert assembly-code lines via vectors involving a regkey (1) set or (2) get command. | |||
| CVE-2015-4092 | high | — | 7.5 | 11y ago | Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, aka SAP Secu… | |||
| CVE-2015-4091 | high | — | 7.5 | 11y ago | XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 allows remote attackers to send TCP requests to intranet servers or possibly have unspecified other impact via an XML request to t… | |||
| CVE-2015-2945 | high | — | 7.5 | 11y ago | mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code … | |||
| CVE-2015-0120 | high | — | 7.5 | 11y ago | Buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 has unspecified impact and remote attack vectors. | |||
| CVE-2015-4018 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands vi… | |||
| CVE-2015-1188 | high | — | 7.5 | 11y ago | The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unkn… | |||
| CVE-2015-3910 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as used in Google Chrome before 43.0.2357.65, allow attackers to cause a denial of service or possibly have other impact via unknow… | |||
| CVE-2015-1262 | high | — | 7.5 | 11y ago | platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google Chrome before 43.0.2357.65, does not initialize a certain width field, which allows remote attackers to cause a denial of service… | |||
| CVE-2015-1260 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in content/renderer/media/user_media_client_impl.cc in the WebRTC implementation in Google Chrome before 43.0.2357.65 allow remote attackers to cause a denial … | |||
| CVE-2015-1259 | high | — | 7.5 | 11y ago | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unk… | |||
| CVE-2015-1258 | high | — | 7.5 | 11y ago | Google Chrome before 43.0.2357.65 relies on libvpx code that was not built with an appropriate --size-limit value, which allows remote attackers to trigger a negative value for a size field, and cons… | |||
| CVE-2015-1257 | high | — | 7.5 | 11y ago | platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, does not properly handle an insufficient number of values in an feColorMa… |