CVEs from 2015
Total
7,267
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0273 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialize… | |||
| CVE-2015-2785 | high | — | 7.5 | 11y ago | The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (Byzan… | |||
| CVE-2015-2772 | high | — | 7.5 | 11y ago | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. | |||
| CVE-2015-2683 | high | — | 7.5 | 11y ago | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execut… | |||
| CVE-2015-2265 | high | — | 7.5 | 11y ago | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (… | |||
| CVE-2015-2155 | high | — | 7.5 | 11y ago | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2015-0261 | high | — | 7.5 | 11y ago | Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or… | |||
| CVE-2015-0818 | high | — | 7.5 | 11y ago | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome pr… | |||
| CVE-2015-2679 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before 0.0.2 allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php or (2) username parameter t… | |||
| CVE-2015-0898 | high | — | 7.5 | 11y ago | futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | |||
| CVE-2015-2563 | high | — | 7.5 | 11y ago | SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector… | |||
| CVE-2015-0292 | high | — | 7.5 | 11y ago | Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote a… | |||
| CVE-2015-2352 | high | — | 7.5 | 11y ago | The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown… | |||
| CVE-2015-2281 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message… | |||
| CVE-2015-2314 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the WPML plugin before 3.1.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the lang parameter in the HTTP Referer header in a wp-link-ajax… | |||
| CVE-2015-0778 | high | — | 7.5 | 11y ago | osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||
| CVE-2015-0982 | high | — | 7.5 | 11y ago | Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2015-0981 | high | — | 7.5 | 11y ago | The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | |||
| CVE-2015-2237 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.ph… | |||
| CVE-2015-0525 | high | — | 7.5 | 11y ago | The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-0524 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via uns… | |||
| CVE-2015-1875 | high | — | 7.5 | 11y ago | SQL injection vulnerability in a2billing/customer/iridium_threed.php in Elastix 2.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the transactionID parameter. | |||
| CVE-2015-2183 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the administrative backend in ZeusCart 4 allow remote administrators to execute arbitrary SQL commands via the id parameter in a (1) disporders detail or (2)… | |||
| CVE-2015-2243 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | |||
| CVE-2015-2242 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | |||
| CVE-2015-2097 | high | — | 7.5 | 11y ago | Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in… | |||
| CVE-2015-2094 | high | — | 7.5 | 11y ago | Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) P… | |||
| CVE-2015-2092 | high | — | 7.5 | 11y ago | The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related t… | |||
| CVE-2015-2061 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. | |||
| CVE-2015-0254 | high | — | 7.5 | 11y ago | XXE in Apache Standard Taglibs | |||
| CVE-2015-2238 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown… | |||
| CVE-2015-1232 | high | — | 7.5 | 11y ago | Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or p… | |||
| CVE-2015-1231 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1230 | high | — | 7.5 | 11y ago | The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote a… | |||
| CVE-2015-1228 | high | — | 7.5 | 11y ago | The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not ini… | |||
| CVE-2015-1227 | high | — | 7.5 | 11y ago | The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an… | |||
| CVE-2015-1223 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of… | |||
| CVE-2015-1222 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 all… | |||
| CVE-2015-1221 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incor… | |||
| CVE-2015-1219 | high | — | 7.5 | 11y ago | Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service… | |||
| CVE-2015-1218 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecif… | |||
| CVE-2015-1217 | high | — | 7.5 | 11y ago | The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compil… | |||
| CVE-2015-1216 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.7… | |||
| CVE-2015-1215 | high | — | 7.5 | 11y ago | The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigg… | |||
| CVE-2015-1214 | high | — | 7.5 | 11y ago | Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to caus… | |||
| CVE-2015-1213 | high | — | 7.5 | 11y ago | The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or … | |||
| CVE-2015-1483 | high | — | 7.5 | 11y ago | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||
| CVE-2015-2216 | high | — | 7.5 | 11y ago | SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme 4.x for WordPress allows remote attackers to execute arbitrary SQL commands via the prod_id parameter. | |||
| CVE-2015-2196 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Spider Event Calendar 1.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the cat_id parameter in a spiderbigcalendar_month action to wp-a… | |||
| CVE-2015-0889 | high | — | 7.5 | 11y ago | KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. | |||
| CVE-2015-2102 | high | — | 7.5 | 11y ago | SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter. | |||
| CVE-2015-2090 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for Wordpress allows remote attackers to execute arbitrary SQL commands via the s… | |||
| CVE-2015-0836 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of servic… | |||
| CVE-2015-0835 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-0823 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly ha… | |||
| CVE-2015-2070 | high | — | 7.5 | 11y ago | SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed. | |||
| CVE-2015-2066 | high | — | 7.5 | 11y ago | SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||
| CVE-2015-1605 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2015-1315 | high | — | 7.5 | 11y ago | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string… | |||
| CVE-2015-1471 | high | — | 7.5 | 11y ago | SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. | |||
| CVE-2015-1576 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.… | |||
| CVE-2015-1518 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | |||
| CVE-2015-1169 | high | — | 7.5 | 12y ago | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid passw… | |||
| CVE-2015-1031 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional uncon… | |||
| CVE-2015-1514 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) re… | |||
| CVE-2015-1513 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||
| CVE-2015-1467 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to pr… | |||
| CVE-2015-1442 | high | — | 7.5 | 12y ago | SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via … | |||
| CVE-2015-1212 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly hav… | |||
| CVE-2015-1211 | high | — | 7.5 | 12y ago | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.1… | |||
| CVE-2015-1209 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 4… | |||
| CVE-2015-1477 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/… | |||
| CVE-2015-1476 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) pa… | |||
| CVE-2015-1462 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1461 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1460 | high | — | 7.5 | 12y ago | Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. | |||
| CVE-2015-1455 | high | — | 7.5 | 12y ago | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain acc… | |||
| CVE-2015-1441 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1428 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authe… | |||
| CVE-2015-1405 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1403 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1400 | high | — | 7.5 | 12y ago | SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||
| CVE-2015-1450 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. | |||
| CVE-2015-0868 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file. | |||
| CVE-2015-0581 | high | — | 7.5 | 12y ago | The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity de… | |||
| CVE-2015-1375 | high | — | 7.5 | 12y ago | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. | |||
| CVE-2015-1182 | high | — | 7.5 | 12y ago | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r… | |||
| CVE-2015-1372 | high | — | 7.5 | 12y ago | SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | |||
| CVE-2015-1371 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct… | |||
| CVE-2015-1369 | high | — | 7.5 | 12y ago | SQL Injection in sequelize | |||
| CVE-2015-1367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | |||
| CVE-2015-1364 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username … | |||
| CVE-2015-1362 | high | — | 7.5 | 12y ago | Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. | |||
| CVE-2015-1360 | high | — | 7.5 | 12y ago | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improper… | |||
| CVE-2015-0231 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execu… | |||
| CVE-2015-1346 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2015-1205 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1312 | high | — | 7.5 | 12y ago | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown … | |||
| CVE-2015-1310 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenan… | |||
| CVE-2015-0424 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, i… |