CVEs from 2015
Total
7,313
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
17.9%
% with KEV
0.6%
% with exploit
0.8%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-0555 | medium | — | 6.8 | 11y ago | Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to… | |
| CVE-2015-2048 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |
| CVE-2015-2039 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for re… | |
| CVE-2015-0880 | medium | — | 6.8 | 11y ago | Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. | |
| CVE-2015-1614 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Image Metadata Cruncher plugin for WordPress allow remote attackers to hijack the authentication of administrators for requests that … | |
| CVE-2015-1501 | medium | — | 6.8 | 11y ago | The factory.loadExtensionFactory function in TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via a UNC path to a crafte… | |
| CVE-2015-1500 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in the TSUnicodeGraphEditorControl in SolarWinds Server and Application Monitor (SAM) allow remote attackers to execute arbitrary code via unspecified vectors to… | |
| CVE-2015-1495 | medium | — | 6.8 | 11y ago | Multiple stack-based buffer overflows in Motorola Scanner SDK allow remote attackers to execute arbitrary code via a crafted string to the Open method in (1) IOPOSScanner.ocx or (2) IOPOSScale.ocx. | |
| CVE-2015-1585 | medium | — | 6.8 | 11y ago | Fat Free CRM Cross-Site Request Forgery vulnerability | |
| CVE-2015-0931 | medium | — | 6.8 | 11y ago | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a crafted XSLT document,… | |
| CVE-2015-1581 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) … | |
| CVE-2015-1580 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1)… | |
| CVE-2015-1559 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in administrator.php in Epignosis eFront Open Source Edition before 3.6.15.3 build 18022 allow remote attackers to hijack the authentication… | |
| CVE-2015-1432 | medium | — | 6.8 | 12y ago | The message_options function in includes/ucp/ucp_pm_options.php in phpBB before 3.0.13 does not properly validate the form key, which allows remote attackers to conduct CSRF attacks and change the fu… | |
| CVE-2015-1568 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the GD Infinite Scroll module before 7.x-1.4 for Drupal allows remote attackers to hijack the authentication of users with the "edit gd infinite scr… | |
| CVE-2015-1049 | medium | — | 6.8 | 12y ago | The web server on Siemens SCALANCE X-200IRT switches with firmware before 5.2.0 allows remote attackers to hijack sessions via unspecified vectors. | |
| CVE-2015-0596 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj67163. | |
| CVE-2015-0926 | medium | — | 6.8 | 12y ago | Labtech before 100.237 on Linux uses world-writable permissions for root-executed scripts, which allows local users to gain privileges by modifying a script file. | |
| CVE-2015-1424 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newus… | |
| CVE-2015-1374 | medium | — | 6.8 | 12y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ferretCMS 1.0.4-alpha allow remote attackers to hijack the authentication of administrators for requests that conduct (1) cr… | |
| CVE-2015-1361 | medium | — | 6.8 | 12y ago | platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which mi… | |
| CVE-2015-1359 | medium | — | 6.8 | 12y ago | Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly h… | |
| CVE-2015-0232 | medium | — | 6.8 | 12y ago | The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (… | |
| CVE-2015-0435 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated us… | |
| CVE-2015-0390 | medium | — | 6.8 | 12y ago | Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affe… | |
| CVE-2015-0588 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Unified Communications Domain Manager (UCDM) 10 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuo77055. | |
| CVE-2015-0920 | medium | — | 6.8 | 12y ago | Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct… | |
| CVE-2015-3321 | medium | 6.7 | 6.7 | 9y ago | Services and files in Lenovo Fingerprint Manager before 8.01.42 have incorrect ACLs, which allows local users to invalidate local checks and gain privileges via standard filesystem operations. | |
| CVE-2015-5191 | medium | 6.7 | 6.7 | 9y ago | VMware Tools prior to 10.0.9 contains multiple file system races in libDeployPkg, related to the use of hard-coded paths under /tmp. Successful exploitation of this issue may result in a local privil… | |
| CVE-2015-4045 | medium | 6.7 | 6.7 | 9y ago | The sudoers file in the asset discovery scanner in AlienVault OSSIM before 5.0.1 allows local users to gain privileges via a crafted nmap script. | |
| CVE-2015-4056 | medium | 6.7 | 6.7 | 9y ago | The System Library in VCE Vision Intelligent Operations before 2.6.5 does not properly implement cryptography, which makes it easier for local users to discover credentials by leveraging administrati… | |
| CVE-2015-7024 | medium | 6.7 | 6.7 | 11y ago | Untrusted search path vulnerability in Apple OS X before 10.11.1 allows local users to bypass intended Gatekeeper restrictions and gain privileges via a Trojan horse program that is loaded from an un… | |
| CVE-2015-8660 | medium | 6.7 | 6.7 | 11y ago | The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and m… | |
| CVE-2015-6851 | medium | 6.7 | 6.7 | 11y ago | EMC RSA SecurID Web Agent before 8.0 allows physically proximate attackers to bypass the privacy-screen protection mechanism by leveraging an unattended workstation and running DOM Inspector. | |
| CVE-2015-7331 | medium | 6.6 | 6.6 | 10y ago | The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows remote attackers to execute arbitrary code via vectors involving the --server argument. | |
| CVE-2015-7117 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7092 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted TXXX frame within an ID3 t… | |
| CVE-2015-7091 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7090 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7089 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7088 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7087 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7086 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-7085 | medium | 6.6 | 6.6 | 11y ago | Apple QuickTime before 7.7.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file, a different vulnerabili… | |
| CVE-2015-6643 | medium | 6.6 | 6.6 | 11y ago | Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka … | |
| CVE-2015-8328 | medium | — | 6.6 | 11y ago | Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows allows local users to obtain sensitive… | |
| CVE-2015-7869 | medium | — | 6.6 | 11y ago | Multiple integer overflows in the kernel mode driver for the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows and R304 before 304.131, R340 before … | |
| CVE-2015-4837 | medium | — | 6.6 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Security. | |
| CVE-2015-6322 | medium | — | 6.6 | 11y ago | The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 through 4.1(8) allows local users to bypass intended access restrictions and move arbitrary files by leveraging the lack of source-… | |
| CVE-2015-4505 | medium | — | 6.6 | 11y ago | updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows allows local users to write to arbitrary files by conducting a junction attack and waiting for an update operati… | |
| CVE-2015-2594 | medium | — | 6.6 | 11y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and 4.3.30 allows local users to affect confidentiality, integrity… | |
| CVE-2015-3436 | medium | — | 6.6 | 11y ago | provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-loc… | |
| CVE-2015-0665 | medium | — | 6.6 | 11y ago | The Hostscan module in Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows local users to write to arbitrary files via crafted IPC messages, aka Bug ID CSCus79173. | |
| CVE-2015-0663 | medium | — | 6.6 | 11y ago | Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does not properly implement access control for IPC messages, which allows local users to write to arbitrary files via crafted messages,… | |
| CVE-2015-4082 | medium | 6.5 | 6.5 | 4y ago | attic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive informa… | |
| CVE-2015-8470 | medium | 6.5 | 6.5 | 9y ago | The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cook… | |
| CVE-2015-1239 | medium | 6.5 | 6.5 | 9y ago | Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a craf… | |
| CVE-2015-5327 | medium | 6.5 | 6.5 | 9y ago | Out-of-bounds memory read in the x509_decode_time function in x509_cert_parser.c in Linux kernels 4.3-rc1 and after. | |
| CVE-2015-2927 | medium | 6.5 | 6.5 | 9y ago | node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause a denial of service (bandwidth consumption). | |
| CVE-2015-5248 | medium | 6.5 | 6.5 | 9y ago | Reflected file download vulnerability in Red Hat Feedhenry Enterprise Mobile Application Platform. | |
| CVE-2015-4684 | medium | 6.5 | 6.5 | 9y ago | Multiple directory traversal vulnerabilities in Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allow (1) remote authenticated users to read arbitrary files via a .. (dot dot) in the Modi… | |
| CVE-2015-4682 | medium | 6.5 | 6.5 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows remote authenticated users to obtain the installation path via an HTTP POST request to PlcmRmWeb/JConfigManager. | |
| CVE-2015-3419 | medium | 6.5 | 6.5 | 9y ago | vBulletin 5.x through 5.1.6 allows remote authenticated users to bypass authorization checks and inject private messages into conversations via vectors related to an input validation failure. | |
| CVE-2015-0110 | medium | 6.5 | 6.5 | 9y ago | IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and WebSphere Lombardi Edition (aka WLE) 7.2.x allow remote authenticated users to bypass intended access restrictions on internal servi… | |
| CVE-2015-5695 | medium | 6.5 | 6.5 | 9y ago | Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might… | |
| CVE-2015-7896 | medium | 6.5 | 6.5 | 9y ago | LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. | |
| CVE-2015-0783 | medium | 6.5 | 6.5 | 9y ago | The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable. | |
| CVE-2015-7855 | medium | 6.5 | 6.5 | 9y ago | The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a l… | |
| CVE-2015-7850 | medium | 6.5 | 6.5 | 9y ago | ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. | |
| CVE-2015-7702 | medium | 6.5 | 6.5 | 9y ago | The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomple… | |
| CVE-2015-0194 | medium | 6.5 | 6.5 | 9y ago | XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and IBM Sterling File Gateway 2.1 and 2.2 allows remote attackers to read arbitrary files via a crafted XML data. | |
| CVE-2015-5187 | medium | 6.5 | 6.5 | 9y ago | Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic. | |
| CVE-2015-4463 | medium | 6.5 | 6.5 | 9y ago | The file_manager component in eFront CMS before 3.6.15.5 allows remote authenticated users to bypass intended file-upload restrictions by appending a crafted parameter to the file URL. | |
| CVE-2015-4462 | medium | 6.5 | 6.5 | 9y ago | Absolute path traversal vulnerability in the file_manager component of eFront CMS before 3.6.15.5 allows remote authenticated users to read arbitrary files via a full pathname in the "Upload file fro… | |
| CVE-2015-7780 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in ManageEngine Firewall Analyzer before 8.0. | |
| CVE-2015-3254 | medium | 6.5 | 6.5 | 9y ago | The client libraries in Apache Thrift before 0.9.3 might allow remote authenticated users to cause a denial of service (infinite recursion) via vectors involving the skip function. | |
| CVE-2015-8538 | medium | 6.5 | 6.5 | 9y ago | dwarf_leb.c in libdwarf allows attackers to cause a denial of service (SIGSEGV). | |
| CVE-2015-7514 | medium | 6.5 | 6.5 | 9y ago | OpenStack Ironic 4.2.0 through 4.2.1 does not "clean" the disk after use, which allows remote authenticated users to obtain sensitive information. | |
| CVE-2015-3830 | medium | 6.5 | 6.5 | 9y ago | The stock Android browser address bar in all Android operating systems suffers from Address Bar Spoofing, which allows remote attackers to trick a victim by displaying a malicious page for legitimate… | |
| CVE-2015-1207 | medium | 6.5 | 6.5 | 9y ago | Double-free vulnerability in libavformat/mov.c in FFMPEG in Google Chrome 41.0.2251.0 allows remote attackers to cause a denial of service (memory corruption and crash) via a crafted .m4a file. | |
| CVE-2015-1834 | medium | 6.5 | 6.5 | 9y ago | A path traversal vulnerability was identified in the Cloud Foundry component Cloud Controller that affects cf-release versions prior to v208 and Pivotal Cloud Foundry Elastic Runtime versions prior t… | |
| CVE-2015-5382 | medium | 6.5 | 6.5 | 9y ago | program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via the _alt parameter when uploading a vCard. | |
| CVE-2015-0107 | medium | 6.5 | 6.5 | 9y ago | IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Sol… | |
| CVE-2015-8959 | medium | 6.5 | 6.5 | 9y ago | coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (CPU consumption) via a crafted DDS file. | |
| CVE-2015-8958 | medium | 6.5 | 6.5 | 9y ago | coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted SUN file. | |
| CVE-2015-8957 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote attackers to cause a denial of service (application crash) via a crafted SUN file. | |
| CVE-2015-8345 | medium | 6.5 | 6.5 | 9y ago | The eepro100 emulator in QEMU qemu-kvm blank allows local guest users to cause a denial of service (application crash and infinite loop) via vectors involving the command block list. | |
| CVE-2015-8283 | medium | 6.5 | 6.5 | 9y ago | Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00. | |
| CVE-2015-8272 | medium | 6.5 | 6.5 | 9y ago | RTMPDump 2.4 allows remote attackers to trigger a denial of service (NULL pointer dereference and process crash). | |
| CVE-2015-8613 | medium | 6.5 | 6.5 | 9y ago | Stack-based buffer overflow in the megasas_ctrl_get_info function in QEMU, when built with SCSI MegaRAID SAS HBA emulation support, allows local guest users to cause a denial of service (QEMU instanc… | |
| CVE-2015-8568 | medium | 6.5 | 6.5 | 9y ago | Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC emulator support, allows local guest users to cause a denial of service (host memory consumption) by trying to activate the vmxne… | |
| CVE-2015-8504 | medium | 6.5 | 6.5 | 9y ago | Qemu, when built with VNC display driver support, allows remote attackers to cause a denial of service (arithmetic exception and application crash) via crafted SetPixelFormat messages from a client. | |
| CVE-2015-8670 | medium | 6.5 | 6.5 | 9y ago | Huawei LogCenter V100R001C10 could allow an authenticated attacker to add abnormal device information to the log collection module, causing denial of service. | |
| CVE-2015-8896 | medium | 6.5 | 6.5 | 9y ago | Integer truncation issue in coders/pict.c in ImageMagick before 7.0.5-0 allows remote attackers to cause a denial of service (application crash) via a crafted .pict file. | |
| CVE-2015-4409 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… | |
| CVE-2015-4408 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… | |
| CVE-2015-4407 | medium | 6.5 | 6.5 | 9y ago | Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request… | |
| CVE-2015-8903 | medium | 6.5 | 6.5 | 9y ago | The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted VICAR file. | |
| CVE-2015-8902 | medium | 6.5 | 6.5 | 9y ago | The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted PDB file. | |
| CVE-2015-8901 | medium | 6.5 | 6.5 | 9y ago | ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a denial of service (infinite loop) via a crafted MIFF file. |