CVEs from 2015
- Total: 7,271
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1763 | high | — | 8.5 | 11y ago | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014 does not prevent use of uninitialized memory in certain attempts to execute virtual functions, which allows remo… | |||
| CVE-2015-0550 | high | — | 8.5 | 11y ago | Directory traversal vulnerability in EMC Documentum Thumbnail Server 6.7SP1 before P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P01 allows remote attackers to bypass intende… | |||
| CVE-2015-2993 | high | — | 8.5 | 11y ago | SysAid Help Desk before 15.2 does not properly restrict access to certain functionality, which allows remote attackers to (1) create administrator accounts via a crafted request to /createnewaccount … | |||
| CVE-2015-4004 | high | — | 8.5 | 11y ago | The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or caus… | |||
| CVE-2015-4133 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in admin/scripts/FileUploader/php.php in the ReFlex Gallery plugin before 3.1.4 for WordPress allows remote attackers to execute arbitrary PHP code by uploading… | |||
| CVE-2015-2843 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_l… | |||
| CVE-2015-1882 | high | — | 8.5 | 11y ago | Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in… | |||
| CVE-2015-2562 | high | — | 8.5 | 11y ago | Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_categor… | |||
| CVE-2015-1804 | high | — | 8.5 | 11y ago | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticate… | |||
| CVE-2015-1803 | high | — | 8.5 | 11y ago | The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly handle character bitmaps it cannot read, which allows remote authenticated u… | |||
| CVE-2015-1802 | high | — | 8.5 | 11y ago | The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 allows remote authenticated users to cause a denial of service (out-of-bounds write and crash)… | |||
| CVE-2015-2208 | high | — | 8.5 | 11y ago | The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the object parameter. | |||
| CVE-2015-2065 | high | — | 8.5 | 11y ago | SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL comman… | |||
| CVE-2015-1592 | high | — | 8.5 | 11y ago | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and … | |||
| CVE-2015-1587 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file w… | |||
| CVE-2015-1499 | high | — | 8.5 | 11y ago | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | |||
| CVE-2015-1172 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code … | |||
| CVE-2015-0307 | high | — | 8.5 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-7551 | high | 8.4 | 8.4 | 10y ago | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles … | |||
| CVE-2015-6566 | high | 8.4 | 8.4 | 11y ago | zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||
| CVE-2015-6862 | high | 8.4 | 8.4 | 11y ago | HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | |||
| CVE-2015-6860 | high | 8.4 | 8.4 | 11y ago | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | |||
| CVE-2015-7430 | high | 8.4 | 8.4 | 11y ago | The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif… | |||
| CVE-2015-6850 | high | 8.4 | 8.4 | 11y ago | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||
| CVE-2015-8973 | high | 8.3 | 8.3 | 9y ago | xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to… | |||
| CVE-2015-7521 | high | 8.3 | 8.3 | 11y ago | High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |||
| CVE-2015-8765 | high | 8.3 | 8.3 | 11y ago | Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a craft… | |||
| CVE-2015-8663 | high | 8.3 | 8.3 | 11y ago | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds ar… | |||
| CVE-2015-8661 | high | 8.3 | 8.3 | 11y ago | The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote at… | |||
| CVE-2015-6481 | high | 8.3 | 8.3 | 11y ago | The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login se… | |||
| CVE-2015-6480 | high | 8.3 | 8.3 | 11y ago | The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrate… | |||
| CVE-2015-6547 | high | — | 8.3 | 11y ago | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified v… | |||
| CVE-2015-2904 | high | — | 8.3 | 11y ago | Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interfa… | |||
| CVE-2015-5611 | high | — | 8.3 | 11y ago | Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehi… | |||
| CVE-2015-2233 | high | — | 8.3 | 11y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and ex… | |||
| CVE-2015-0675 | high | — | 8.3 | 11y ago | The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication m… | |||
| CVE-2015-2247 | high | — | 8.3 | 11y ago | Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "in… | |||
| CVE-2015-0008 | high | — | 8.3 | 12y ago | The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows… | |||
| CVE-2015-8813 | high | 8.2 | 8.2 | 9y ago | Umbraco CMS vulnerable to CSRF | |||
| CVE-2015-1000002 | high | 8.2 | 8.2 | 10y ago | Open Proxy in filedownload v1.4 wordpress plugin | |||
| CVE-2015-8550 | high | 8.2 | 8.2 | 10y ago | Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend… | |||
| CVE-2015-8397 | high | 8.2 | 8.2 | 11y ago | The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from proces… | |||
| CVE-2015-6133 | high | — | 8.2 | 11y ago | Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a c… | |||
| CVE-2015-6132 | high | — | 8.2 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandl… | |||
| CVE-2015-6128 | high | — | 8.2 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Libra… | |||
| CVE-2015-5889 | high | — | 8.2 | 11y ago | rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | |||
| CVE-2015-3760 | high | — | 8.2 | 11y ago | dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-3246 | high | — | 8.2 | 11y ago | libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (incon… | |||
| CVE-2015-3673 | high | — | 8.2 | 11y ago | Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory … | |||
| CVE-2015-2219 | high | — | 8.2 | 11y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to th… | |||
| CVE-2015-1318 | high | — | 8.2 | 11y ago | The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | |||
| CVE-2015-0002 | high | — | 8.2 | 12y ago | The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold a… | |||
| CVE-2015-3637 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in phpMyBackupPro when run in multi-user mode before 2.5 allows remote attackers to execute arbitrary SQL commands via the username and password parameters. | |||
| CVE-2015-5246 | high | 8.1 | 8.1 | 9y ago | The LDAP Authentication functionality in Foreman might allow remote attackers with knowledge of old passwords to gain access via vectors involving the password lifetime period in Active Directory. | |||
| CVE-2015-5263 | high | 8.1 | 8.1 | 9y ago | pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's TLS certificate signatures when retrieving the server's public key upon registration. | |||
| CVE-2015-4075 | high | 8.1 | 8.1 | 9y ago | The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task. | |||
| CVE-2015-3314 | high | 8.1 | 8.1 | 9y ago | SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5. | |||
| CVE-2015-5948 | high | 8.1 | 8.1 | 9y ago | Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947. | |||
| CVE-2015-5947 | high | 8.1 | 8.1 | 9y ago | SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. | |||
| CVE-2015-3206 | high | 8.1 | 8.1 | 9y ago | The checkPassword function in python-kerberos does not authenticate the KDC it attempts to communicate with, which allows remote attackers to cause a denial of service (bad response), or have other u… | |||
| CVE-2015-7887 | high | 8.1 | 8.1 | 9y ago | NetApp SnapCenter Server 1.0 allows remote authenticated users to list and delete backups. | |||
| CVE-2015-0839 | high | 8.1 | 8.1 | 9y ago | The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes it easier for man-in-the-middle attackers to execute arbitrary code by leveraging use of a short GPG key id from a keyserver to ve… | |||
| CVE-2015-5152 | high | 8.1 | 8.1 | 9y ago | Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests to HTTPS when the require_ssl setting is set to true, which allows remote attackers to obtain user credentials via a man-in-the-… | |||
| CVE-2015-5232 | high | 8.1 | 8.1 | 9y ago | Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 10.4.0.0.197. | |||
| CVE-2015-6817 | high | 8.1 | 8.1 | 9y ago | PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username. | |||
| CVE-2015-8764 | high | 8.1 | 8.1 | 9y ago | Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through 3.0.8, which triggers a buffer overflow. | |||
| CVE-2015-8763 | high | 8.1 | 8.1 | 9y ago | The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attackers to have unspecified impact via a crafted (1) commit or (2) confirm message, which triggers an out-of-bounds read. | |||
| CVE-2015-8983 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (applicatio… | |||
| CVE-2015-8982 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the strxfrm function in the GNU C Library (aka glibc or libc6) before 2.21 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary co… | |||
| CVE-2015-7599 | high | 8.1 | 8.1 | 9y ago | Integer overflow in the _authenticate function in svc_auth.c in Wind River VxWorks 5.5 through 6.9.4.1, when the Remote Procedure Call (RPC) protocol is enabled, allows remote attackers to cause a de… | |||
| CVE-2015-8960 | high | 8.1 | 8.1 | 10y ago | The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute t… | |||
| CVE-2015-5348 | high | 8.1 | 8.1 | 10y ago | Apache Camel can allow remote attackers to execute arbitrary commands | |||
| CVE-2015-7999 | high | 8.1 | 8.1 | 10y ago | Multiple SQL injection vulnerabilities in the Administration Web UI servlets in Citrix Command Center before 5.1 Build 36.7 and 5.2 before Build 44.11 allow remote authenticated users to execute arbi… | |||
| CVE-2015-6184 | high | 8.1 | 8.1 | 10y ago | The CAttrArray object implementation in Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and memory corruption) … | |||
| CVE-2015-5346 | high | 8.1 | 8.1 | 10y ago | Improper Neutralization of Input During Web Page Generation in Apache Tomcat | |||
| CVE-2015-7547 | high | 8.1 | 8.1 | 10y ago | Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a den… | |||
| CVE-2015-7914 | high | 8.1 | 8.1 | 11y ago | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote attackers to bypass authentication by leveraging knowledge of a password hash without knowledge of the associated password. | |||
| CVE-2015-6467 | high | 8.1 | 8.1 | 11y ago | Advantech WebAccess before 8.1 allows remote attackers to execute arbitrary code via vectors involving a browser plugin. | |||
| CVE-2015-3947 | high | 8.1 | 8.1 | 11y ago | SQL injection vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-7754 | high | 8.1 | 8.1 | 11y ago | Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | |||
| CVE-2015-7283 | high | 8.1 | 8.1 | 11y ago | The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 has a default password of 1234 for the admin account, which allows remote attackers to obtain administrative pr… | |||
| CVE-2015-5600 | high | 8.1 | 8.1 | 11y ago | The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH through 6.9 does not properly restrict the processing of keyboard-interactive devices within a single connection, which makes it ea… | |||
| CVE-2015-2142 | high | 8.0 | 8.0 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote authenticated users to (1) hijack the authentication of users for requests that caus… | |||
| CVE-2015-8356 | high | 8.0 | 8.0 | 9y ago | Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to adm… | |||
| CVE-2015-0864 | high | 8.0 | 8.0 | 9y ago | Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. | |||
| CVE-2015-0863 | high | 8.0 | 8.0 | 9y ago | GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary cod… | |||
| CVE-2015-0721 | high | 8.0 | 8.0 | 10y ago | Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended A… | |||
| CVE-2015-8798 | high | 8.0 | 8.0 | 10y ago | Directory traversal vulnerability in the Management Server in Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for … | |||
| CVE-2015-8152 | high | 8.0 | 8.0 | 10y ago | Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6-MP4 allows remote authenticated users to hijack the authentication of administrators for… | |||
| CVE-2015-5018 | high | 8.0 | 8.0 | 11y ago | IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before 8.0.1.3 IF3, and Security Access Manager 9.0 before 9.0.0.0 IF1, allows remote authenticated users to execute arbitrary OS command… | |||
| CVE-2015-7284 | high | 8.0 | 8.0 | 11y ago | Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 allows remote attackers to hijack the authentication of arbitrary users. | |||
| CVE-2015-6020 | high | 8.0 | 8.0 | 11y ago | ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to obtain administrative privileges by leveraging access to the user account. | |||
| CVE-2015-7925 | high | 8.0 | 8.0 | 11y ago | Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware … | |||
| CVE-2015-4545 | high | 8.0 | 8.0 | 11y ago | EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account … | |||
| CVE-2015-1935 | high | — | 8.0 | 11y ago | The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service… | |||
| CVE-2015-8666 | high | 7.9 | 7.9 | 9y ago | Heap-based buffer overflow in QEMU, when built with the Q35-chipset-based PC system emulator. | |||
| CVE-2015-5287 | medium | — | 7.9 | 11y ago | The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain permissions to gain privileges via a symlink attack on a file with a predictable na… | |||
| CVE-2015-5693 | high | — | 7.9 | 11y ago | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands via vectors related to "traffi… | |||
| CVE-2015-5692 | high | — | 7.9 | 11y ago | admin_messages.php in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary code by uploading… | |||
| CVE-2015-4034 | high | — | 7.9 | 11y ago | The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a seri… |