CVEs from 2015
Total
7,267
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5721 | critical | 9.8 | 9.8 | 10y ago | Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_… | |||
| CVE-2015-5719 | critical | 9.8 | 9.8 | 10y ago | app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact a… | |||
| CVE-2015-8949 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. | |||
| CVE-2015-0573 | critical | 9.8 | 9.8 | 10y ago | drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows at… | |||
| CVE-2015-7029 | critical | 9.8 | 9.8 | 10y ago | Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi… | |||
| CVE-2015-7988 | critical | 9.8 | 9.8 | 10y ago | The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vecto… | |||
| CVE-2015-7987 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueFor… | |||
| CVE-2015-7695 | critical | 9.8 | 9.8 | 10y ago | Zend Framework SQL injection vector using null byte for PDO | |||
| CVE-2015-8880 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. | |||
| CVE-2015-8876 | critical | 9.8 | 9.8 | 10y ago | Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL… | |||
| CVE-2015-8835 | critical | 9.8 | 9.8 | 10y ago | The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a… | |||
| CVE-2015-6835 | critical | 9.8 | 9.8 | 10y ago | The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or ca… | |||
| CVE-2015-6834 | critical | 9.8 | 9.8 | 10y ago | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable… | |||
| CVE-2015-5589 | critical | 9.8 | 9.8 | 10y ago | The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows… | |||
| CVE-2015-4643 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply t… | |||
| CVE-2015-4642 | critical | 9.8 | 9.8 | 10y ago | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted… | |||
| CVE-2015-4603 | critical | 9.8 | 9.8 | 10y ago | The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpecte… | |||
| CVE-2015-4602 | critical | 9.8 | 9.8 | 10y ago | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2015-4601 | critical | 9.8 | 9.8 | 10y ago | PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1… | |||
| CVE-2015-4600 | critical | 9.8 | 9.8 | 10y ago | The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary … | |||
| CVE-2015-4599 | critical | 9.8 | 9.8 | 10y ago | The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of servic… | |||
| CVE-2015-4116 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a f… | |||
| CVE-2015-6552 | critical | 9.8 | 9.8 | 10y ago | The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.… | |||
| CVE-2015-6550 | critical | 9.8 | 9.8 | 10y ago | bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through… | |||
| CVE-2015-8863 | critical | 9.8 | 9.8 | 10y ago | Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. | |||
| CVE-2015-0857 | critical | 9.8 | 9.8 | 10y ago | Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||
| CVE-2015-8812 | critical | 9.8 | 9.8 | 10y ago | drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2015-8779 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possib… | |||
| CVE-2015-8778 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the s… | |||
| CVE-2015-7545 | critical | 9.8 | 9.8 | 10y ago | The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed prot… | |||
| CVE-2015-8841 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation fi… | |||
| CVE-2015-8833 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbit… | |||
| CVE-2015-8710 | critical | 9.8 | 9.8 | 10y ago | The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possi… | |||
| CVE-2015-8522 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-8521 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-8520 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-8519 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-7261 | critical | 9.8 | 9.8 | 10y ago | The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a… | |||
| CVE-2015-8277 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with… | |||
| CVE-2015-8805 | critical | 9.8 | 9.8 | 10y ago | The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo… | |||
| CVE-2015-8804 | critical | 9.8 | 9.8 | 10y ago | x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to… | |||
| CVE-2015-8803 | critical | 9.8 | 9.8 | 10y ago | The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo… | |||
| CVE-2015-8286 | critical | 9.8 | 9.8 | 10y ago | Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. | |||
| CVE-2015-8360 | critical | 9.8 | 9.8 | 10y ago | An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||
| CVE-2015-3252 | critical | 9.8 | 9.8 | 10y ago | Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | |||
| CVE-2015-8787 | critical | 9.8 | 9.8 | 10y ago | The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or… | |||
| CVE-2015-7915 | critical | 9.8 | 9.8 | 11y ago | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2015-5344 | critical | 9.8 | 9.8 | 11y ago | Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands | |||
| CVE-2015-6319 | critical | 9.8 | 9.8 | 11y ago | SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID… | |||
| CVE-2015-8362 | critical | 9.8 | 9.8 | 11y ago | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access… | |||
| CVE-2015-6435 | critical | 9.8 | 9.8 | 11y ago | An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows r… | |||
| CVE-2015-6412 | critical | 9.8 | 9.8 | 11y ago | Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug … | |||
| CVE-2015-8617 | critical | 9.8 | 9.8 | 11y ago | Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a … | |||
| CVE-2015-6323 | critical | 9.8 | 9.8 | 11y ago | The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrativ… | |||
| CVE-2015-6314 | critical | 9.8 | 9.8 | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bu… | |||
| CVE-2015-8611 | critical | 9.8 | 9.8 | 11y ago | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Managem… | |||
| CVE-2015-8098 | critical | 9.8 | 9.8 | 11y ago | F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors relate… | |||
| CVE-2015-7938 | critical | 9.8 | 9.8 | 11y ago | Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2015-8668 | critical | 9.8 | 9.8 | 11y ago | Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2015-7554 | critical | 9.8 | 9.8 | 11y ago | The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field da… | |||
| CVE-2015-5254 | critical | 9.8 | 9.8 | 11y ago | Improper Input Validation in Apache ActiveMQ | |||
| CVE-2015-8261 | critical | 9.8 | 9.8 | 11y ago | The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks vi… | |||
| CVE-2015-6642 | critical | 9.8 | 9.8 | 11y ago | The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors,… | |||
| CVE-2015-6636 | critical | 9.8 | 9.8 | 11y ago | mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, a… | |||
| CVE-2015-5989 | critical | 9.8 | 9.8 | 11y ago | Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStat… | |||
| CVE-2015-5988 | critical | 9.8 | 9.8 | 11y ago | The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||
| CVE-2015-7280 | critical | 9.8 | 9.8 | 11y ago | The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative priv… | |||
| CVE-2015-7277 | critical | 9.8 | 9.8 | 11y ago | The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative … | |||
| CVE-2015-6018 | critical | 9.8 | 9.8 | 11y ago | The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | |||
| CVE-2015-6016 | critical | 9.8 | 9.8 | 11y ago | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows re… | |||
| CVE-2015-5995 | critical | 9.8 | 9.8 | 11y ago | Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Coo… | |||
| CVE-2015-2874 | critical | 9.8 | 9.8 | 11y ago | Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root acc… | |||
| CVE-2015-7792 | critical | 9.8 | 9.8 | 11y ago | Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | |||
| CVE-2015-7251 | critical | 9.8 | 9.8 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||
| CVE-2015-6538 | critical | 9.8 | 9.8 | 11y ago | The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access… | |||
| CVE-2015-6537 | critical | 9.8 | 9.8 | 11y ago | SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | |||
| CVE-2015-6792 | critical | 9.8 | 9.8 | 11y ago | The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (applicatio… | |||
| CVE-2015-8969 | critical | 9.8 | 9.8 | 11y ago | Git-fastclone passes user modifiable strings directly to a shell command | |||
| CVE-2015-6764 | critical | 9.8 | 9.8 | 11y ago | The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which al… | |||
| CVE-2015-8394 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via … | |||
| CVE-2015-8391 | critical | 9.8 | 9.8 | 11y ago | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecifie… | |||
| CVE-2015-8390 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other im… | |||
| CVE-2015-8389 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact… | |||
| CVE-2015-8386 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have … | |||
| CVE-2015-8383 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted r… | |||
| CVE-2015-7182 | critical | 9.8 | 9.8 | 11y ago | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 an… | |||
| CVE-2015-0537 | critical | 9.8 | 9.8 | 11y ago | Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0… | |||
| CVE-2015-3253 | critical | 9.8 | 9.8 | 11y ago | Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy | |||
| CVE-2015-1276 | critical | 9.8 | 9.8 | 11y ago | Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial o… | |||
| CVE-2015-8857 | critical | 9.8 | 9.8 | 11y ago | The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possi… | |||
| CVE-2015-0192 | critical | 9.8 | 9.8 | 11y ago | Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via… | |||
| CVE-2015-1820 | critical | 9.8 | 9.8 | 11y ago | REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a respon… | |||
| CVE-2015-8214 | critical | — | 9.7 | 11y ago | A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-… | |||
| CVE-2015-5211 | critical | 9.6 | 9.6 | 9y ago | Files or Directories Accessible to External Parties in org.springframework:spring-core | |||
| CVE-2015-8866 | critical | 9.6 | 9.6 | 10y ago | ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote att… | |||
| CVE-2015-8789 | critical | 9.6 | 9.6 | 11y ago | Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" fo… | |||
| CVE-2015-7939 | critical | 9.6 | 9.6 | 11y ago | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | |||
| CVE-2015-8751 | critical | — | 9.5 | — | multiple issues in jasper | |||
| CVE-2015-6259 | critical | — | 9.4 | 11y ago | The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 all… | |||
| CVE-2015-0554 | critical | — | 9.4 | 12y ago | The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensi… |