CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0524 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the Gateway Provisioning service in EMC Secure Remote Services Virtual Edition (ESRS VE) 3.02 and 3.03 allows remote attackers to execute arbitrary SQL commands via uns… | |||
| CVE-2015-2243 | high | — | 7.5 | 11y ago | Directory traversal vulnerability in Webshop hun 1.062S allows remote attackers to have unspecified impact via directory traversal sequences in the mappa parameter to index.php. | |||
| CVE-2015-2242 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow remote attackers to execute arbitrary SQL commands via the (1) termid or (2) nyelv_id parameter to index.php. | |||
| CVE-2015-2092 | high | — | 7.5 | 11y ago | The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies Feature Extraction allows remote attackers to execute arbitrary code via a crafted object parameter in the Insert function, related t… | |||
| CVE-2015-2061 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the browser plugin for PTC Creo View allows remote attackers to execute arbitrary code via vectors involving setting a large buffer to an unspecified attribute. | |||
| CVE-2015-0254 | high | — | 7.5 | 11y ago | XXE in Apache Standard Taglibs | |||
| CVE-2015-2238 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as used in Google Chrome before 41.0.2272.76, allow attackers to cause a denial of service or possibly have other impact via unknown… | |||
| CVE-2015-1232 | high | — | 7.5 | 11y ago | Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or p… | |||
| CVE-2015-1231 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1230 | high | — | 7.5 | 11y ago | The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote a… | |||
| CVE-2015-1228 | high | — | 7.5 | 11y ago | The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not ini… | |||
| CVE-2015-1227 | high | — | 7.5 | 11y ago | The DragImage::create function in platform/DragImage.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not initialize memory for image drawing, which allows remote attackers to have an… | |||
| CVE-2015-1223 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of… | |||
| CVE-2015-1222 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the ServiceWorkerScriptCacheMap implementation in content/browser/service_worker/service_worker_script_cache_map.cc in Google Chrome before 41.0.2272.76 all… | |||
| CVE-2015-1221 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incor… | |||
| CVE-2015-1219 | high | — | 7.5 | 11y ago | Integer overflow in the SkMallocPixelRef::NewAllocate function in core/SkMallocPixelRef.cpp in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service… | |||
| CVE-2015-1218 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecif… | |||
| CVE-2015-1217 | high | — | 7.5 | 11y ago | The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compil… | |||
| CVE-2015-1216 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.7… | |||
| CVE-2015-1215 | high | — | 7.5 | 11y ago | The filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigg… | |||
| CVE-2015-1214 | high | — | 7.5 | 11y ago | Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to caus… | |||
| CVE-2015-1213 | high | — | 7.5 | 11y ago | The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or … | |||
| CVE-2015-1483 | high | — | 7.5 | 11y ago | Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX allows remote attackers to execute arbitrary JavaScript code via unspecified vectors. | |||
| CVE-2015-0889 | high | — | 7.5 | 11y ago | KENT-WEB Joyful Note before 5.3 allows remote attackers to delete files or write to files, and consequently execute arbitrary code, via vectors involving an article. | |||
| CVE-2015-0836 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of servic… | |||
| CVE-2015-0835 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-0823 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly ha… | |||
| CVE-2015-2066 | high | — | 7.5 | 11y ago | SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||
| CVE-2015-1605 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2015-1315 | high | — | 7.5 | 11y ago | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string… | |||
| CVE-2015-1169 | high | — | 7.5 | 12y ago | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid passw… | |||
| CVE-2015-1031 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional uncon… | |||
| CVE-2015-1514 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) re… | |||
| CVE-2015-1513 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||
| CVE-2015-1442 | high | — | 7.5 | 12y ago | SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via … | |||
| CVE-2015-1212 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly hav… | |||
| CVE-2015-1211 | high | — | 7.5 | 12y ago | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.1… | |||
| CVE-2015-1209 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 4… | |||
| CVE-2015-1462 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1461 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1460 | high | — | 7.5 | 12y ago | Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. | |||
| CVE-2015-1455 | high | — | 7.5 | 12y ago | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain acc… | |||
| CVE-2015-1441 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1405 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1403 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1450 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. | |||
| CVE-2015-0868 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file. | |||
| CVE-2015-0581 | high | — | 7.5 | 12y ago | The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity de… | |||
| CVE-2015-1182 | high | — | 7.5 | 12y ago | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r… | |||
| CVE-2015-1369 | high | — | 7.5 | 12y ago | SQL Injection in sequelize | |||
| CVE-2015-1367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | |||
| CVE-2015-1360 | high | — | 7.5 | 12y ago | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improper… | |||
| CVE-2015-0231 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execu… | |||
| CVE-2015-1346 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2015-1205 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1312 | high | — | 7.5 | 12y ago | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown … | |||
| CVE-2015-1310 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenan… | |||
| CVE-2015-0424 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, i… | |||
| CVE-2015-0411 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related… | |||
| CVE-2015-0396 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unkno… | |||
| CVE-2015-1055 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/adm… | |||
| CVE-2015-5639 | high | 7.4 | 7.4 | 9y ago | niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||
| CVE-2015-2988 | high | 7.4 | 7.4 | 9y ago | Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||
| CVE-2015-8870 | high | 7.4 | 7.4 | 10y ago | Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process … | |||
| CVE-2015-8843 | high | 7.4 | 7.4 | 10y ago | The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges… | |||
| CVE-2015-8474 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to … | |||
| CVE-2015-7428 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |||
| CVE-2015-3272 | high | 7.4 | 7.4 | 10y ago | Moodle open redirect vulnerability | |||
| CVE-2015-8483 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||
| CVE-2015-4956 | high | 7.4 | 7.4 | 10y ago | The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | |||
| CVE-2015-8466 | high | 7.4 | 7.4 | 11y ago | Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | |||
| CVE-2015-7393 | high | 7.4 | 7.4 | 11y ago | dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.… | |||
| CVE-2015-8400 | high | 7.4 | 7.4 | 11y ago | The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | |||
| CVE-2015-8331 | high | 7.4 | 7.4 | 11y ago | The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attack… | |||
| CVE-2015-7397 | high | 7.4 | 7.4 | 11y ago | Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phi… | |||
| CVE-2015-8597 | high | 7.4 | 7.4 | 11y ago | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phi… | |||
| CVE-2015-7410 | high | 7.4 | 7.4 | 11y ago | The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or … | |||
| CVE-2015-1947 | high | 7.4 | 7.4 | 11y ago | Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is… | |||
| CVE-2015-5663 | high | 7.4 | 7.4 | 11y ago | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the u… | |||
| CVE-2015-8370 | high | 7.4 | 7.4 | 11y ago | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via … | |||
| CVE-2015-8570 | high | — | 7.4 | 11y ago | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | |||
| CVE-2015-8962 | high | 7.3 | 7.3 | 10y ago | Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and… | |||
| CVE-2015-8955 | high | 7.3 | 7.3 | 10y ago | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving… | |||
| CVE-2015-8800 | high | 7.3 | 7.3 | 10y ago | Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical S… | |||
| CVE-2015-8865 | high | 7.3 | 7.3 | 10y ago | The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, whi… | |||
| CVE-2015-8560 | high | 7.3 | 7.3 | 10y ago | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a … | |||
| CVE-2015-8708 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set c… | |||
| CVE-2015-8614 | high | 7.3 | 7.3 | 10y ago | Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecifie… | |||
| CVE-2015-5329 | high | 7.3 | 7.3 | 10y ago | The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem… | |||
| CVE-2015-8837 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co… | |||
| CVE-2015-8836 | high | 7.3 | 7.3 | 10y ago | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp… | |||
| CVE-2015-7909 | high | 7.3 | 7.3 | 11y ago | Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attac… | |||
| CVE-2015-8472 | high | 7.3 | 7.3 | 11y ago | Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers t… | |||
| CVE-2015-6836 | high | 7.3 | 7.3 | 11y ago | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary… | |||
| CVE-2015-6832 | high | 7.3 | 7.3 | 11y ago | Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitra… | |||
| CVE-2015-6831 | high | 7.3 | 7.3 | 11y ago | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObjec… | |||
| CVE-2015-6527 | high | 7.3 | 7.3 | 11y ago | The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplac… | |||
| CVE-2015-5590 | high | 7.3 | 7.3 | 11y ago | Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of servic… | |||
| CVE-2015-6863 | high | 7.3 | 7.3 | 11y ago | HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||
| CVE-2015-6336 | high | 7.3 | 7.3 | 11y ago | Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vect… |