CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1256 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to cause a denial of service or possibly have unspecified other … | |||
| CVE-2015-1253 | high | — | 7.5 | 11y ago | core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaSc… | |||
| CVE-2015-1252 | high | — | 7.5 | 11y ago | common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 does not properly handle wraps, which allows remote attackers to bypass a sandbox protection mechanism or cause a denial of serv… | |||
| CVE-2015-2810 | high | — | 7.5 | 11y ago | Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 20… | |||
| CVE-2015-3427 | high | — | 7.5 | 11y ago | Quassel before 0.12.2 does not properly re-initialize the database session when the PostgreSQL database is restarted, which allows remote attackers to conduct SQL injection attacks via a \ (backslash… | |||
| CVE-2015-2716 | high | — | 7.5 | 11y ago | Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amou… | |||
| CVE-2015-2712 | high | — | 7.5 | 11y ago | The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote at… | |||
| CVE-2015-2709 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-2708 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of servic… | |||
| CVE-2015-3055 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a differen… | |||
| CVE-2015-3980 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2097534. | |||
| CVE-2015-3979 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) in SAP CRM allows attackers to execute arbitrary code via unknown vectors, aka SAP Security Note 2097534. | |||
| CVE-2015-1250 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.135 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1243 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the MutationObserver::disconnect function in core/dom/MutationObserver.cpp in the DOM implementation in Blink, as used in Google Chrome before 42.0.2311.135, allows re… | |||
| CVE-2015-0532 | high | — | 7.5 | 11y ago | EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and 6.9.1 before P01 does not properly restrict password resets, which allows remote attackers to obtain access via crafted use of the … | |||
| CVE-2015-1397 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in the getCsvFile function in the Mage_Adminhtml_Block_Widget_Grid class in Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) 1.14.1.0 allows remote admin… | |||
| CVE-2015-2117 | high | — | 7.5 | 11y ago | HP TippingPoint Security Management System (SMS) and TippingPoint Virtual Security Management System (vSMS) before 4.1 patch 3 and 4.2 before patch 1 do not require authentication for JBoss RMI reque… | |||
| CVE-2015-3416 | high | — | 7.5 | 11y ago | The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does not properly handle precision and width values during floating-point conversions, which allows context-dependent attackers to caus… | |||
| CVE-2015-3415 | high | — | 7.5 | 11y ago | The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not properly implement comparison operators, which allows context-dependent attackers to cause a denial of service (invalid free ope… | |||
| CVE-2015-3414 | high | — | 7.5 | 11y ago | SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and appli… | |||
| CVE-2015-3145 | high | — | 7.5 | 11y ago | The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and c… | |||
| CVE-2015-3346 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-3335 | high | — | 7.5 | 11y ago | The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits f… | |||
| CVE-2015-3333 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as used in Google Chrome before 42.0.2311.90, allow attackers to cause a denial of service or possibly have other impact via unknow… | |||
| CVE-2015-1249 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 42.0.2311.90 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1242 | high | — | 7.5 | 11y ago | The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 before 4.2.77.8, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of ser… | |||
| CVE-2015-1238 | high | — | 7.5 | 11y ago | Skia, as used in Google Chrome before 42.0.2311.90, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2015-1237 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived function in content/renderer/render_frame_impl.cc in Google Chrome before 42.0.2311.90 allows remote attackers to cause a denial… | |||
| CVE-2015-0968 | high | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in admin/uploadImage.html in SearchBlox before 8.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension and the im… | |||
| CVE-2015-0845 | high | — | 7.5 | 11y ago | Format string vulnerability in Movable Type Pro, Open Source, and Advanced before 5.2.13 and Pro and Advanced 6.0.x before 6.0.8 allows remote attackers to execute arbitrary code via vectors related … | |||
| CVE-2015-0495 | high | — | 7.5 | 11y ago | Unspecified vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce Platform 3.x and 11.x allows remote attackers to affect confidentialit… | |||
| CVE-2015-1149 | high | — | 7.5 | 11y ago | Integer overflow in the simulator in Swift in Apple Xcode before 6.3 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact by triggering an incorre… | |||
| CVE-2015-1103 | high | — | 7.5 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 makes routing changes in response to ICMP_REDIRECT messages, which allows remote attackers to cause a denial of … | |||
| CVE-2015-2782 | high | — | 7.5 | 11y ago | Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive. | |||
| CVE-2015-1317 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents w… | |||
| CVE-2015-1472 | high | — | 7.5 | 11y ago | The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attac… | |||
| CVE-2015-0877 | high | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD Moyuku before 1.03b3 allows remote attackers to execute arbitrary code by uploading a file with a \0 character in its name. | |||
| CVE-2015-0119 | high | — | 7.5 | 11y ago | FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before 6.1.11.1 allows remote attackers to execute arbitrary code by connecting to the Mount port. | |||
| CVE-2015-0225 | high | — | 7.5 | 11y ago | Improper Neutralization of Special Elements used in a Command in Apache Cassandra | |||
| CVE-2015-0903 | high | — | 7.5 | 11y ago | Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows remote attackers to execute arbitrary code via a crafted .hmbook file. | |||
| CVE-2015-1233 | high | — | 7.5 | 11y ago | Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2015-2816 | high | — | 7.5 | 11y ago | The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict access, which allows remote attackers to have unspecified impact via a crafted request, aka SAP Security Note 2134905. | |||
| CVE-2015-0815 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to cause a denial of servic… | |||
| CVE-2015-0814 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 37.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-0806 | high | — | 7.5 | 11y ago | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 attempts to use memset for a memory region of negative length during interaction with the mozilla::layers::BufferT… | |||
| CVE-2015-0805 | high | — | 7.5 | 11y ago | The Off Main Thread Compositing (OMTC) implementation in Mozilla Firefox before 37.0 makes an incorrect memset call during interaction with the mozilla::layers::BufferTextureClient::AllocateForSurfac… | |||
| CVE-2015-0804 | high | — | 7.5 | 11y ago | The HTMLSourceElement::BindToTree function in Mozilla Firefox before 37.0 does not properly constrain a data type after omitting namespace validation during certain tree-binding operations, which all… | |||
| CVE-2015-0803 | high | — | 7.5 | 11y ago | The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before 37.0 does not properly constrain the original data type of a casted value during the setting of a SOURCE element's attributes, w… | |||
| CVE-2015-0801 | high | — | 7.5 | 11y ago | Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privil… | |||
| CVE-2015-0838 | high | — | 7.5 | 11y ago | Buffer overflow in the C implementation of the apply_delta function in _pack.c in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a crafted pack file. | |||
| CVE-2015-2109 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP Operations Orchestration 10.x allows remote attackers to bypass authentication, and obtain sensitive information or modify data, via unknown vectors. | |||
| CVE-2015-2792 | high | — | 7.5 | 11y ago | The WPML plugin before 3.1.9 for WordPress does not properly handle multiple actions in a request, which allows remote attackers to bypass nonce checks and perform arbitrary actions via a request con… | |||
| CVE-2015-2171 | high | — | 7.5 | 11y ago | Slim vulnerable to PHP object injection | |||
| CVE-2015-2787 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execu… | |||
| CVE-2015-2331 | high | — | 7.5 | 11y ago | Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other p… | |||
| CVE-2015-2301 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the phar_rename_archive function in phar_object.c in PHP before 5.5.22 and 5.6.x before 5.6.6 allows remote attackers to cause a denial of service or possibly have uns… | |||
| CVE-2015-1351 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly … | |||
| CVE-2015-2785 | high | — | 7.5 | 11y ago | The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (Byzan… | |||
| CVE-2015-2772 | high | — | 7.5 | 11y ago | SVM in Websense TRITON V-Series appliances before 8.0.0 allows attackers to upload arbitrary files via unspecified vectors. | |||
| CVE-2015-2746 | medium | — | 7.5 | 11y ago | The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticat… | |||
| CVE-2015-2683 | high | — | 7.5 | 11y ago | Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execut… | |||
| CVE-2015-2265 | high | — | 7.5 | 11y ago | The remove_bad_chars function in utils/cups-browsed.c in cups-filters before 1.0.66 allows remote IPP printers to execute arbitrary commands via consecutive shell metacharacters in the (1) model or (… | |||
| CVE-2015-2155 | high | — | 7.5 | 11y ago | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. | |||
| CVE-2015-0261 | high | — | 7.5 | 11y ago | Integer signedness error in the mobility_opt_print function in the IPv6 mobility printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) or… | |||
| CVE-2015-0818 | high | — | 7.5 | 11y ago | Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and SeaMonkey before 2.33.1 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome pr… | |||
| CVE-2015-0898 | high | — | 7.5 | 11y ago | futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows allows remote attackers to execute arbitrary Perl code via unspecified vectors. | |||
| CVE-2015-2564 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in client-edit.php in ProjectSend (formerly cFTP) r561 allows remote authenticated users to execute arbitrary SQL commands via the id parameter to users-edit.php. | |||
| CVE-2015-2563 | high | — | 7.5 | 11y ago | SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 0.9.9 and 1.2.3 allows remote attackers to execute arbitrary SQL commands via the order_by parameter. NOTE: The cat parameter vector… | |||
| CVE-2015-0292 | high | — | 7.5 | 11y ago | Integer underflow in the EVP_DecodeUpdate function in crypto/evp/encode.c in the base64-decoding implementation in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h allows remote a… | |||
| CVE-2015-2352 | high | — | 7.5 | 11y ago | The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not properly check the encoding of input to the var_export function, which allows attackers to have an unspecified impact via unknown… | |||
| CVE-2015-2292 | medium | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remo… | |||
| CVE-2015-0778 | high | — | 7.5 | 11y ago | osc before 0.151.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a _service file. | |||
| CVE-2015-0982 | high | — | 7.5 | 11y ago | Buffer overflow in an unspecified DLL in Schneider Electric Pelco DS-NVs before 7.8.90 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2015-0981 | high | — | 7.5 | 11y ago | The SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to bypass authentication and read or write to arbitrary database fields via unspecified vectors. | |||
| CVE-2015-0525 | high | — | 7.5 | 11y ago | The Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | |||
| CVE-2015-0524 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via uns… | |||
| CVE-2015-2243 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | |||
| CVE-2015-2242 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | |||
| CVE-2015-2092 | high | — | 7.5 | 11y ago | The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related t… | |||
| CVE-2015-2061 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. | |||
| CVE-2015-0254 | high | — | 7.5 | 11y ago | XXE in Apache Standard Taglibs | |||
| CVE-2015-2238 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown… | |||
| CVE-2015-1232 | high | — | 7.5 | 11y ago | Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or p… | |||
| CVE-2015-1231 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1230 | high | — | 7.5 | 11y ago | The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote a… | |||
| CVE-2015-1228 | high | — | 7.5 | 11y ago | The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not ini… | |||
| CVE-2015-1227 | high | — | 7.5 | 11y ago | The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an… | |||
| CVE-2015-1223 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of… | |||
| CVE-2015-1222 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 all… | |||
| CVE-2015-1221 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incor… | |||
| CVE-2015-1219 | high | — | 7.5 | 11y ago | Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service… | |||
| CVE-2015-1218 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecif… | |||
| CVE-2015-1217 | high | — | 7.5 | 11y ago | The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compil… | |||
| CVE-2015-1216 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.7… | |||
| CVE-2015-1215 | high | — | 7.5 | 11y ago | The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigg… | |||
| CVE-2015-1214 | high | — | 7.5 | 11y ago | Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to caus… | |||
| CVE-2015-1213 | high | — | 7.5 | 11y ago | The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or … | |||
| CVE-2015-1483 | high | — | 7.5 | 11y ago | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||
| CVE-2015-2199 | medium | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] paramet… | |||
| CVE-2015-0889 | high | — | 7.5 | 11y ago | KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. |