CVEs from 2015
- Total: 7,266
- critical: 1,306
- high: 1,666
- medium: 3,617
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0836 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of servic… | |||
| CVE-2015-0835 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-0823 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used in Mozilla Firefox before 36.0, might allow remote attackers to trigger problematic Developer Console information or possibly ha… | |||
| CVE-2015-2066 | high | — | 7.5 | 11y ago | SQL injection vulnerability in DLGuard 4.5 allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php. | |||
| CVE-2015-1605 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset Manager (aka Quest Workspace Asset Manager) before 9.5 allow remote attackers to execute arbitrary SQL commands via unspecified vector… | |||
| CVE-2015-1315 | high | — | 7.5 | 11y ago | Buffer overflow in the charset_to_intern function in unix/unix.c in Info-Zip UnZip 6.10b allows remote attackers to execute arbitrary code via a crafted string, as demonstrated by converting a string… | |||
| CVE-2015-1169 | high | — | 7.5 | 12y ago | Apereo Central Authentication Service (CAS) Server before 3.5.3 allows remote attackers to conduct LDAP injection attacks via a crafted username, as demonstrated by using a wildcard and a valid passw… | |||
| CVE-2015-1031 | high | — | 7.5 | 12y ago | Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow remote attackers to have unspecified impact via vectors related to (1) the unmap function in list.c or (2) "two additional uncon… | |||
| CVE-2015-1514 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 allow (1) remote attackers to execute arbitrary SQL commands via the device ID REST parameter (PATH_INFO) to /ajax.php or (2) re… | |||
| CVE-2015-1513 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SIPhone Enterprise PBX allows remote attackers to execute arbitrary SQL commands via the Username. | |||
| CVE-2015-1442 | high | — | 7.5 | 12y ago | SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via … | |||
| CVE-2015-1212 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly hav… | |||
| CVE-2015-1211 | high | — | 7.5 | 12y ago | The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.1… | |||
| CVE-2015-1209 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 4… | |||
| CVE-2015-1481 | medium | — | 7.5 | 12y ago | Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account. | |||
| CVE-2015-1479 | medium | — | 7.5 | 12y ago | SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via … | |||
| CVE-2015-1462 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1461 | high | — | 7.5 | 12y ago | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." | |||
| CVE-2015-1460 | high | — | 7.5 | 12y ago | Huawei Quidway switches with firmware before V200R005C00SPC300 allows remote attackers to gain privileges via a crafted packet. | |||
| CVE-2015-1455 | high | — | 7.5 | 12y ago | Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain acc… | |||
| CVE-2015-1441 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before 2.6.5, and 2.7.x before 2.7.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1405 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Content Rating Extbase extension 2.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1403 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Content Rating extension 1.0.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-1450 | high | — | 7.5 | 12y ago | SQL injection vulnerability in Restaurant Biller allows remote attackers to execute arbitrary SQL commands via the cid parameter in a category action to index.php. | |||
| CVE-2015-0868 | high | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS before 2.91 allows remote attackers to execute arbitrary code by uploading an executable file. | |||
| CVE-2015-1423 | medium | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php. | |||
| CVE-2015-0581 | high | — | 7.5 | 12y ago | The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity de… | |||
| CVE-2015-1182 | high | — | 7.5 | 12y ago | The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r… | |||
| CVE-2015-1369 | high | — | 7.5 | 12y ago | SQL Injection in sequelize | |||
| CVE-2015-1367 | high | — | 7.5 | 12y ago | SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote attackers to execute arbitrary SQL commands via the lastcatbot parameter. | |||
| CVE-2015-1360 | high | — | 7.5 | 12y ago | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data that is improper… | |||
| CVE-2015-0231 | high | — | 7.5 | 12y ago | Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execu… | |||
| CVE-2015-1346 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2015-1205 | high | — | 7.5 | 12y ago | Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1312 | high | — | 7.5 | 12y ago | The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown … | |||
| CVE-2015-1310 | high | — | 7.5 | 12y ago | SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. NOTE: the provenan… | |||
| CVE-2015-0424 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, i… | |||
| CVE-2015-0411 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related… | |||
| CVE-2015-0396 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unkno… | |||
| CVE-2015-1059 | medium | — | 7.5 | 12y ago | Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it… | |||
| CVE-2015-1055 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/adm… | |||
| CVE-2015-5639 | high | 7.4 | 7.4 | 9y ago | niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||
| CVE-2015-2988 | high | 7.4 | 7.4 | 9y ago | Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||
| CVE-2015-8870 | high | 7.4 | 7.4 | 10y ago | Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process … | |||
| CVE-2015-8843 | high | 7.4 | 7.4 | 10y ago | The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges… | |||
| CVE-2015-8474 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to … | |||
| CVE-2015-7428 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |||
| CVE-2015-3272 | high | 7.4 | 7.4 | 10y ago | Moodle open redirect vulnerability | |||
| CVE-2015-8483 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||
| CVE-2015-4956 | high | 7.4 | 7.4 | 10y ago | The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | |||
| CVE-2015-8466 | high | 7.4 | 7.4 | 11y ago | Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | |||
| CVE-2015-7393 | high | 7.4 | 7.4 | 11y ago | dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.… | |||
| CVE-2015-8400 | high | 7.4 | 7.4 | 11y ago | The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | |||
| CVE-2015-8331 | high | 7.4 | 7.4 | 11y ago | The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attack… | |||
| CVE-2015-7397 | high | 7.4 | 7.4 | 11y ago | Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phi… | |||
| CVE-2015-8597 | high | 7.4 | 7.4 | 11y ago | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phi… | |||
| CVE-2015-7410 | high | 7.4 | 7.4 | 11y ago | The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or … | |||
| CVE-2015-1947 | high | 7.4 | 7.4 | 11y ago | Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is… | |||
| CVE-2015-5663 | high | 7.4 | 7.4 | 11y ago | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the u… | |||
| CVE-2015-8370 | high | 7.4 | 7.4 | 11y ago | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via … | |||
| CVE-2015-8570 | high | — | 7.4 | 11y ago | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | |||
| CVE-2015-3623 | medium | — | 7.4 | 11y ago | XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML d… | |||
| CVE-2015-1833 | medium | — | 7.4 | 11y ago | Improper Input Validation in Apache Jackrabbit | |||
| CVE-2015-3083 | medium | — | 7.4 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-3082 | medium | — | 7.4 | 11y ago | Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Ad… | |||
| CVE-2015-2791 | medium | — | 7.4 | 11y ago | The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/men… | |||
| CVE-2015-1577 | medium | — | 7.4 | 12y ago | Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter. | |||
| CVE-2015-8962 | high | 7.3 | 7.3 | 10y ago | Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and… | |||
| CVE-2015-8955 | high | 7.3 | 7.3 | 10y ago | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving… | |||
| CVE-2015-8800 | high | 7.3 | 7.3 | 10y ago | Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical S… | |||
| CVE-2015-8865 | high | 7.3 | 7.3 | 10y ago | The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, whi… | |||
| CVE-2015-8560 | high | 7.3 | 7.3 | 10y ago | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a … | |||
| CVE-2015-8708 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set c… | |||
| CVE-2015-8614 | high | 7.3 | 7.3 | 10y ago | Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecifie… | |||
| CVE-2015-5329 | high | 7.3 | 7.3 | 10y ago | The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem… | |||
| CVE-2015-8837 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co… | |||
| CVE-2015-8836 | high | 7.3 | 7.3 | 10y ago | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp… | |||
| CVE-2015-7909 | high | 7.3 | 7.3 | 11y ago | Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attac… | |||
| CVE-2015-8472 | high | 7.3 | 7.3 | 11y ago | Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers t… | |||
| CVE-2015-6836 | high | 7.3 | 7.3 | 11y ago | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary… | |||
| CVE-2015-6832 | high | 7.3 | 7.3 | 11y ago | Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitra… | |||
| CVE-2015-6831 | high | 7.3 | 7.3 | 11y ago | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObjec… | |||
| CVE-2015-6527 | high | 7.3 | 7.3 | 11y ago | The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplac… | |||
| CVE-2015-5590 | high | 7.3 | 7.3 | 11y ago | Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of servic… | |||
| CVE-2015-6863 | high | 7.3 | 7.3 | 11y ago | HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||
| CVE-2015-6336 | high | 7.3 | 7.3 | 11y ago | Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vect… | |||
| CVE-2015-8607 | high | 7.3 | 7.3 | 11y ago | The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to byp… | |||
| CVE-2015-8769 | high | 7.3 | 7.3 | 11y ago | SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-2895 | high | 7.3 | 7.3 | 11y ago | Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. | |||
| CVE-2015-7788 | high | 7.3 | 7.3 | 11y ago | ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2015-8662 | high | 7.3 | 7.3 | 11y ago | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which al… | |||
| CVE-2015-1836 | high | 7.3 | 7.3 | 11y ago | High severity vulnerability that affects org.apache.hbase:hbase | |||
| CVE-2015-1772 | high | 7.3 | 7.3 | 11y ago | Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |||
| CVE-2015-6934 | high | 7.3 | 7.3 | 11y ago | Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow… | |||
| CVE-2015-8387 | high | 7.3 | 7.3 | 11y ago | PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impa… | |||
| CVE-2015-2915 | high | — | 7.3 | 11y ago | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote … | |||
| CVE-2015-1098 | high | 7.3 | 7.3 | 11y ago | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |||
| CVE-2015-5164 | high | 7.2 | 7.2 | 9y ago | The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code… | |||
| CVE-2015-9234 | high | 7.2 | 7.2 | 9y ago | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | |||
| CVE-2015-9227 | high | 7.2 | 7.2 | 9y ago | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL i… |