CVEs from 2015
Total
7,267
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-8895 | high | 7.5 | 7.5 | 9y ago | Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later allows remote attackers to cause a denial of service (application crash) via a crafted length value, which triggers a buffer overflo… | |||
| CVE-2015-8990 | high | 7.5 | 7.5 | 9y ago | Detection bypass vulnerability in Intel Security Advanced Threat Defense (ATD) 3.4.6 and earlier allows malware samples to bypass ATD detection via renaming the malware. | |||
| CVE-2015-2330 | high | 7.5 | 7.5 | 9y ago | Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows remote attackers to view a secure HTTP request, including, for example, secure cookies. | |||
| CVE-2015-8994 | high | 7.5 | 7.5 | 9y ago | An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28 or 7.x after 7.0.13, the issue is resolved in a n… | |||
| CVE-2015-4057 | high | 7.5 | 7.5 | 9y ago | The "Plug-in for VMware vCenter" in VCE Vision Intelligent Operations before 2.6.5 sends a cleartext HTTP response upon a request for the Settings screen, which allows remote attackers to discover th… | |||
| CVE-2015-8979 | high | 7.5 | 7.5 | 9y ago | Stack-based buffer overflow in the parsePresentationContext function in storescp in DICOM dcmtk-3.6.0 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a long … | |||
| CVE-2015-8544 | high | 7.5 | 7.5 | 9y ago | NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before 7.1.3P1 allows remote attackers to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-8977 | high | 7.5 | 7.5 | 10y ago | MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allow remote attackers to obtain the installation path via vectors involving error log files. | |||
| CVE-2015-7979 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to cause a denial of service (client-server association tear down) by sending broadcast packets with invalid authentication to a bro… | |||
| CVE-2015-7978 | high | 7.5 | 7.5 | 10y ago | NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers to cause a denial of service (stack exhaustion) via an ntpdc relist command, which triggers recursive traversal of the restriction… | |||
| CVE-2015-8860 | high | 7.5 | 7.5 | 10y ago | The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. | |||
| CVE-2015-8858 | high | 7.5 | 7.5 | 10y ago | The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)." | |||
| CVE-2015-8855 | high | 7.5 | 7.5 | 10y ago | The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||
| CVE-2015-8854 | high | 7.5 | 7.5 | 10y ago | The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline r… | |||
| CVE-2015-8315 | high | 7.5 | 7.5 | 10y ago | The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | |||
| CVE-2015-4626 | high | 7.5 | 7.5 | 10y ago | B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft. | |||
| CVE-2015-6574 | high | 7.5 | 7.5 | 10y ago | The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. | |||
| CVE-2015-3418 | high | 7.5 | 7.5 | 10y ago | The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutI… | |||
| CVE-2015-3217 | high | 7.5 | 7.5 | 10y ago | PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expr… | |||
| CVE-2015-8978 | high | 7.5 | 7.5 | 10y ago | In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with th… | |||
| CVE-2015-5162 | high | 7.5 | 7.5 | 10y ago | The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; Glance before 11.0.1 and 12.0.0; and Nova before 12.0.4 and 13.0.0 does not properly limit qemu-img calls, which might allow attack… | |||
| CVE-2015-2080 | high | 7.5 | 7.5 | 10y ago | Jetty vulnerable to exposure of sensitive information to unauthenticated remote users | |||
| CVE-2015-1000012 | high | 7.5 | 7.5 | 10y ago | Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin | |||
| CVE-2015-1000010 | high | 7.5 | 7.5 | 10y ago | Remote file download in simple-image-manipulator v1.0 wordpress plugin | |||
| CVE-2015-1000007 | high | 7.5 | 7.5 | 10y ago | Remote file download vulnerability in wptf-image-gallery v1.03 | |||
| CVE-2015-1000006 | high | 7.5 | 7.5 | 10y ago | Remote file download vulnerability in recent-backups v0.7 wordpress plugin | |||
| CVE-2015-1000005 | high | 7.5 | 7.5 | 10y ago | Remote file download vulnerability in candidate-application-form v1.0 wordpress plugin | |||
| CVE-2015-6393 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) v… | |||
| CVE-2015-6392 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted I… | |||
| CVE-2015-8930 | high | 7.5 | 7.5 | 10y ago | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself. | |||
| CVE-2015-8921 | high | 7.5 | 7.5 | 10y ago | The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file. | |||
| CVE-2015-8919 | high | 7.5 | 7.5 | 10y ago | The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) … | |||
| CVE-2015-8918 | high | 7.5 | 7.5 | 10y ago | The archive_string_append function in archive_string.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted cab files, related to "overlapping memcpy." | |||
| CVE-2015-8917 | high | 7.5 | 7.5 | 10y ago | bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file. | |||
| CVE-2015-8948 | high | 7.5 | 7.5 | 10y ago | idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read. | |||
| CVE-2015-8022 | high | 7.5 | 7.5 | 10y ago | The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, and Link Controller 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.1; B… | |||
| CVE-2015-3854 | high | 7.5 | 7.5 | 10y ago | packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.sto… | |||
| CVE-2015-5738 | high | 7.5 | 7.5 | 10y ago | The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for rem… | |||
| CVE-2015-1977 | high | 7.5 | 7.5 | 10y ago | Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.4… | |||
| CVE-2015-0899 | high | 7.5 | 7.5 | 10y ago | Improper Input Validation in Apache Struts | |||
| CVE-2015-8899 | high | 7.5 | 7.5 | 10y ago | Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally. | |||
| CVE-2015-6289 | high | 7.5 | 7.5 | 10y ago | Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka… | |||
| CVE-2015-8289 | high | 7.5 | 7.5 | 10y ago | The password-recovery feature on NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with firmware 1.0.0.49 and earlier allows remote attackers to discover the cleartext administrator pass… | |||
| CVE-2015-8268 | high | 7.5 | 7.5 | 10y ago | The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 on Linux allows remote attackers to read arbitrary files via unspecified vectors. | |||
| CVE-2015-8806 | high | 7.5 | 7.5 | 10y ago | Denial of service or RCE from libxml2 and libxslt | |||
| CVE-2015-8853 | high | 7.5 | 7.5 | 10y ago | The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 … | |||
| CVE-2015-8879 | high | 7.5 | 7.5 | 10y ago | The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 mishandles driver behavior for SQL_WVARCHAR columns, which allows remote attackers to cause a denial of service (application cra… | |||
| CVE-2015-8877 | high | 7.5 | 7.5 | 10y ago | The gdImageScaleTwoPass function in gd_interpolation.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in PHP before 5.6.12, uses inconsistent allocate and free approaches, which allows … | |||
| CVE-2015-8867 | high | 7.5 | 7.5 | 10y ago | The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 incorrectly relies on the deprecated RAND_pseudo_bytes function, w… | |||
| CVE-2015-7558 | high | 7.5 | 7.5 | 10y ago | librsvg DoS via Cyclic References | |||
| CVE-2015-7557 | high | 7.5 | 7.5 | 10y ago | The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg before 2.40.7 allows context-dependent attackers to cause a denial of service (out-of-bounds heap read) via an odd number of elemen… | |||
| CVE-2015-8874 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in GD in PHP before 5.6.12 allows remote attackers to cause a denial of service via a crafted imagefilltoborder call. | |||
| CVE-2015-8873 | high | 7.5 | 7.5 | 10y ago | Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to cause a denial of service (segmentation fault) … | |||
| CVE-2015-6838 | high | 7.5 | 7.5 | 10y ago | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility o… | |||
| CVE-2015-6837 | high | 7.5 | 7.5 | 10y ago | The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13, when libxml2 before 2.9.2 is used, does not consider the possibility o… | |||
| CVE-2015-4644 | high | 7.5 | 7.5 | 10y ago | The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgsql) extension in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not validate token extraction for table nam… | |||
| CVE-2015-4605 | high | 7.5 | 7.5 | 10y ago | The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly restrict a certain offset value, … | |||
| CVE-2015-4604 | high | 7.5 | 7.5 | 10y ago | The mget function in softmagic.c in file 5.x, as used in the Fileinfo component in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, does not properly maintain a certain pointer relatio… | |||
| CVE-2015-7827 | high | 7.5 | 7.5 | 10y ago | Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for remote attackers to conduct million-message attacks by measuring time differences, related to decoding of PKCS#1 padding. | |||
| CVE-2015-5727 | high | 7.5 | 7.5 | 10y ago | The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, related to a length field. | |||
| CVE-2015-5726 | high | 7.5 | 7.5 | 10y ago | The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before 1.11.19 allows remote attackers to cause a denial of service (application crash) via an empty BIT STRING in ASN.1 data. | |||
| CVE-2015-8746 | high | 7.5 | 7.5 | 10y ago | fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 does not properly initialize memory for migration recovery operations, which allows remote NFS servers to cause a denial of servic… | |||
| CVE-2015-8852 | high | 7.5 | 7.5 | 10y ago | Varnish 3.x before 3.0.7, when used in certain stacked installations, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a header line terminated… | |||
| CVE-2015-6360 | high | 7.5 | 7.5 | 10y ago | The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. | |||
| CVE-2015-5271 | high | 7.5 | 7.5 | 10y ago | The TripleO Heat templates (tripleo-heat-templates) do not properly order the Identity Service (keystone) before the OpenStack Object Storage (Swift) staticweb middleware in the swiftproxy pipeline w… | |||
| CVE-2015-8676 | high | 7.5 | 7.5 | 10y ago | Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and S5300LI Campus series switches with software V200R001C00 before V200R001SPH018, V200R002C00 before V200R003SPH011, and V200R003C… | |||
| CVE-2015-8554 | high | 7.5 | 7.5 | 10y ago | Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using the qemu-xen-traditional (aka qemu-dm) device model, allows local x86 HVM guest administrators to gain privileges by leveraging a s… | |||
| CVE-2015-3146 | high | 7.5 | 7.5 | 10y ago | The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in package_cb.c in libssh before 0.6.5 do not properly validate state, which allows remote attackers to cause a denial of service (… | |||
| CVE-2015-8080 | high | 7.5 | 7.5 | 10y ago | Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x before 2.8.24 and 3.0.x before 3.0.6 allows context-dependent attackers with permission to run Lua code in a Redis session to ca… | |||
| CVE-2015-5303 | high | 7.5 | 7.5 | 10y ago | The TripleO Heat templates (tripleo-heat-templates), when deployed via the commandline interface, allow remote attackers to spoof OpenStack Networking metadata requests by leveraging knowledge of the… | |||
| CVE-2015-8240 | high | 7.5 | 7.5 | 10y ago | The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and BIG-IP PEM before 11.4.1 HF10, 11.5.x before 11.5.4, and 11.6.x before 11.6.0 HF6 a… | |||
| CVE-2015-5229 | high | 7.5 | 7.5 | 10y ago | The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of s… | |||
| CVE-2015-6313 | high | 7.5 | 7.5 | 10y ago | Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; Mobility Services Engine (MSE) 8710; Multiparty Media 310, 320, and 820; and Virtual Machine (VM) devices allows remote attackers to cau… | |||
| CVE-2015-6312 | high | 7.5 | 7.5 | 10y ago | Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) 8710, Multiparty Media 310 and 320, and Virtual Machine (VM) devices allows remote attackers to cause a denial of service (device… | |||
| CVE-2015-8523 | high | 7.5 | 7.5 | 10y ago | The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to cause a denial of service (service crash) via crafted packets to a TCP port. | |||
| CVE-2015-6260 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) vi… | |||
| CVE-2015-0718 | high | 7.5 | 7.5 | 10y ago | Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload… | |||
| CVE-2015-7262 | high | 7.5 | 7.5 | 10y ago | QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, allows remote authenticated users to gain privileges by registering an executable file, and then waiting for th… | |||
| CVE-2015-6036 | high | 7.5 | 7.5 | 10y ago | QNAP Signage Station before 2.0.1 allows remote attackers to bypass authentication, and consequently upload files, via a spoofed HTTP request. | |||
| CVE-2015-5267 | high | 7.5 | 7.5 | 10y ago | Moodle uses predictable password-recovery tokens | |||
| CVE-2015-8149 | high | 7.5 | 7.5 | 10y ago | The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to cause a denial of service (heap memory corruption and service outage) via crafted request… | |||
| CVE-2015-8148 | high | 7.5 | 7.5 | 10y ago | The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows remote attackers to obtain sensitive information about administrator accounts via a modified request. | |||
| CVE-2015-5042 | high | 7.5 | 7.5 | 10y ago | IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers… | |||
| CVE-2015-5012 | high | 7.5 | 7.5 | 10y ago | The SSH implementation on IBM Security Access Manager for Web appliances 7.0 before 7.0.0 FP19, 8.0 before 8.0.1.3 IF3, and 9.0 before 9.0.0.0 IF1 does not properly restrict the set of MAC algorithms… | |||
| CVE-2015-5010 | high | 7.5 | 7.5 | 10y ago | IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before 8.0.1.3 IF4, and 9.0 before 9.0.0.1 IF1 does not have a lockout mechanism for invalid login attempts, which makes it easier for r… | |||
| CVE-2015-8630 | high | 7.5 | 7.5 | 10y ago | The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal functions in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.4 and 1.14.x before 1.… | |||
| CVE-2015-6398 | high | 7.5 | 7.5 | 10y ago | Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with … | |||
| CVE-2015-8269 | high | 7.5 | 7.5 | 11y ago | The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an accou… | |||
| CVE-2015-7546 | high | 7.5 | 7.5 | 11y ago | The identity service in OpenStack Identity (Keystone) before 2015.1.3 (Kilo) and 8.0.x before 8.0.2 (Liberty) and keystonemiddleware (formerly python-keystoneclient) before 1.5.4 (Kilo) and Liberty b… | |||
| CVE-2015-7539 | high | 7.5 | 7.5 | 11y ago | Jenkins does not Verify Checksums for Plugin Files | |||
| CVE-2015-8265 | high | 7.5 | 7.5 | 11y ago | Huawei Mobile WiFi E5151 routers with software before E5151s-2TCPU-V200R001B146D27SP00C00 and E5186 routers with software before V200R001B310D01SP00C00 allow DNS query packets using the static source… | |||
| CVE-2015-8773 | high | 7.5 | 7.5 | 11y ago | Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total Protection allows attackers to cause a denial of service (system crash) via a long vault GUID in an ioctl … | |||
| CVE-2015-8770 | high | 7.5 | 7.5 | 11y ago | Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain pe… | |||
| CVE-2015-7464 | high | 7.5 | 7.5 | 11y ago | Report Builder in IBM Jazz Reporting Service (JRS) 5.x before 5.0.2-Rational-CLM-ifix011 and 6.0 before 6.0.0-Rational-CLM-ifix005 allows remote attackers to cause a denial of service (Report Builder… | |||
| CVE-2015-6421 | high | 7.5 | 7.5 | 11y ago | cifs-ao in the CIFS optimization functionality on Cisco Wide Area Application Service (WAAS) and Virtual WAAS (vWAAS) devices 5.x before 5.3.5d and 5.4 and 5.5 before 5.5.3 allows remote attackers to… | |||
| CVE-2015-8618 | high | 7.5 | 7.5 | 11y ago | Incorrect calculation affecting RSA computations in math/big | |||
| CVE-2015-7581 | high | 7.5 | 7.5 | 11y ago | actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in Ruby on Rails 4.x before 4.2.5.1 and 5.x before 5.0.0.beta1.1 allows remote attackers to cause a denial of service (superfluous c… | |||
| CVE-2015-6925 | high | 7.5 | 7.5 | 11y ago | wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | |||
| CVE-2015-5516 | high | 7.5 | 7.5 | 11y ago | Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x b… | |||
| CVE-2015-6833 | high | 7.5 | 7.5 | 11y ago | Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. (dot dot) in a … |