CVEs from 2015
- Total: 7,266
- Critical: 1,306
- High: 1,666
- Medium: 3,617
- Low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0782 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the ScheduleQuery method of the schedule class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via unspecifi… | |||
| CVE-2015-0781 | critical | 9.8 | 9.8 | 9y ago | Directory traversal vulnerability in the doPost method of the Rtrlet class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to upload and execute arbitrary files via unspecif… | |||
| CVE-2015-0780 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the GetReRequestData method of the GetStoredResult class in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary SQL commands via… | |||
| CVE-2015-6941 | critical | 9.8 | 9.8 | 9y ago | win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs. | |||
| CVE-2015-7853 | critical | 9.8 | 9.8 | 9y ago | The datalen parameter in the refclock driver in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a negative… | |||
| CVE-2015-7705 | critical | 9.8 | 9.8 | 9y ago | The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 allows remote attackers to have unspecified impact via a large number of crafted requests. | |||
| CVE-2015-5244 | critical | 9.8 | 9.8 | 9y ago | The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | |||
| CVE-2015-9107 | critical | 9.8 | 9.8 | 9y ago | Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption algorithm to protect the credential used to access the monitored devices. The implemented algorithm doesn't use a per-system key o… | |||
| CVE-2015-2560 | critical | 9.8 | 9.8 | 9y ago | Manage Engine Desktop Central 9 before build 90135 allows remote attackers to change passwords of users with the Administrator role via an addOrModifyUser operation to servlets/DCOperationsServlet. | |||
| CVE-2015-1174 | critical | 9.8 | 9.8 | 9y ago | Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 and earlier allows remote attackers to hijack web sessions via a session id. | |||
| CVE-2015-3278 | critical | 9.8 | 9.8 | 9y ago | The cipherstring parsing code in nss_compat_ossl while in multi-keyword mode does not match the expected set of ciphers for a given cipher combination, which allows attackers to have unspecified impa… | |||
| CVE-2015-8009 | critical | 9.8 | 9.8 | 9y ago | The MWOAuthDataStore::lookup_token function in Extension:OAuth for MediaWiki 1.25.x before 1.25.3, 1.24.x before 1.24.4, and before 1.23.11 does not properly validate the signature when checking the … | |||
| CVE-2015-3886 | critical | 9.8 | 9.8 | 9y ago | libinfinity before 0.6.6-1 does not validate expired SSL certificates, which allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-1778 | critical | 9.8 | 9.8 | 9y ago | Opendaylight will authenticate any username and password combination | |||
| CVE-2015-7326 | critical | 9.8 | 9.8 | 9y ago | XML External Entity (XXE) vulnerability in Milton Webdav before 2.7.0.3. | |||
| CVE-2015-5473 | critical | 9.8 | 9.8 | 9y ago | Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addD… | |||
| CVE-2015-9059 | critical | 9.8 | 9.8 | 9y ago | picocom before 2.0 has a command injection vulnerability in the 'send and receive file' command because the command line is executed by /bin/sh unsafely. | |||
| CVE-2015-8271 | critical | 9.8 | 9.8 | 9y ago | The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote RTMP Media servers to execute arbitrary code. | |||
| CVE-2015-6674 | critical | 9.8 | 9.8 | 9y ago | Buffer underflow vulnerability in the Debian inspircd package before 2.0.5-1+deb7u1 for wheezy and before 2.0.16-1 for jessie and sid. NOTE: This issue exists as an additional issue from an incomplet… | |||
| CVE-2015-7826 | critical | 9.8 | 9.8 | 9y ago | botan 1.11.x before 1.11.22 improperly handles wildcard matching against hostnames, which might allow remote attackers to have unspecified impact via a valid X.509 certificate, as demonstrated by acc… | |||
| CVE-2015-7292 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the havok_write function in drivers/staging/havok/havok.c in Amazon Fire OS before 2016-01-15 allows attackers to cause a denial of service (panic) or possibly have uns… | |||
| CVE-2015-7273 | critical | 9.8 | 9.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has XXE. | |||
| CVE-2015-7272 | critical | 9.8 | 9.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 before 2.21.21.21 allows attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via … | |||
| CVE-2015-7271 | critical | 9.8 | 9.8 | 9y ago | Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 has a format string issue in racadm getsystinfo. | |||
| CVE-2015-7264 | critical | 9.8 | 9.8 | 9y ago | The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a certain field to two bytes, which allows hijacking and injection attacks. | |||
| CVE-2015-2888 | critical | 9.8 | 9.8 | 9y ago | Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass authentication, related to the MySnapCam web service. | |||
| CVE-2015-2887 | critical | 9.8 | 9.8 | 9y ago | iBaby M3S has a password of admin for the backdoor admin account. | |||
| CVE-2015-2885 | critical | 9.8 | 9.8 | 9y ago | Lens Peek-a-View has a password of 2601hx for the backdoor admin account, a password of user for the backdoor user account, and a password of guest for the backdoor guest account. | |||
| CVE-2015-2882 | critical | 9.8 | 9.8 | 9y ago | Philips In.Sight B120/37 has a password of b120root for the backdoor root account, a password of /ADMIN/ for the backdoor admin account, a password of merlin for the backdoor mg3500 account, a passwo… | |||
| CVE-2015-2881 | critical | 9.8 | 9.8 | 9y ago | Gynoii has a password of guest for the backdoor guest account and a password of 12345 for the backdoor admin account. | |||
| CVE-2015-8965 | critical | 9.8 | 9.8 | 9y ago | Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows remote attackers to execute arbitrary Java code that exists in the classpath, such as test code or administration code. The issue e… | |||
| CVE-2015-8626 | critical | 9.8 | 9.8 | 9y ago | The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which ma… | |||
| CVE-2015-5729 | critical | 9.8 | 9.8 | 9y ago | The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain … | |||
| CVE-2015-4166 | critical | 9.8 | 9.8 | 9y ago | Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key. | |||
| CVE-2015-0855 | critical | 9.8 | 9.8 | 9y ago | The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path. | |||
| CVE-2015-8954 | critical | 9.8 | 9.8 | 9y ago | The MemcmpLowercase function in Suricata before 2.0.6 improperly excludes the first byte from comparisons, which might allow remote attackers to bypass intrusion-prevention functionality via a crafte… | |||
| CVE-2015-8981 | critical | 9.8 | 9.8 | 9y ago | Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors related to m_offsets.size. | |||
| CVE-2015-8771 | critical | 9.8 | 9.8 | 9y ago | The generate_smb_nt_hash function in include/functions.inc in GOsa allows remote attackers to execute arbitrary commands via a crafted password. | |||
| CVE-2015-8768 | critical | 9.8 | 9.8 | 9y ago | click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges… | |||
| CVE-2015-8608 | critical | 9.8 | 9.8 | 9y ago | The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive lette… | |||
| CVE-2015-8972 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large inp… | |||
| CVE-2015-8212 | critical | 9.8 | 9.8 | 10y ago | CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows remote attackers to execute arbitrary code via crafted arguments, which are handled by a non-CGI aware pr… | |||
| CVE-2015-3188 | critical | 9.8 | 9.8 | 10y ago | Apache Storm remote code execution vulnerability | |||
| CVE-2015-2868 | critical | 9.8 | 9.8 | 10y ago | An exploitable remote code execution vulnerability exists in the Trane ComfortLink II firmware version 2.0.2 in DSS service. An attacker who can connect to the DSS service on the Trane ComfortLink II… | |||
| CVE-2015-2867 | critical | 9.8 | 9.8 | 10y ago | A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 service allows remote attackers to take complete control of the system. | |||
| CVE-2015-3210 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)… | |||
| CVE-2015-1000011 | critical | 9.8 | 9.8 | 10y ago | Blind SQL Injection in wordpress plugin dukapress v2.5.9 | |||
| CVE-2015-1000003 | critical | 9.8 | 9.8 | 10y ago | Blind SQL Injection in filedownload v1.4 wordpress plugin | |||
| CVE-2015-1000001 | critical | 9.8 | 9.8 | 10y ago | Remote file upload vulnerability in fast-image-adder v1.1 Wordpress plugin | |||
| CVE-2015-1000000 | critical | 9.8 | 9.8 | 10y ago | Remote file upload vulnerability in mailcwp v1.99 wordpress plugin | |||
| CVE-2015-8871 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the opj_j2k_write_mco function in j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-5721 | critical | 9.8 | 9.8 | 10y ago | Malware Information Sharing Platform (MISP) before 2.3.90 allows remote attackers to conduct PHP object injection attacks via crafted serialized data, related to TemplatesController.php and populate_… | |||
| CVE-2015-5719 | critical | 9.8 | 9.8 | 10y ago | app/Controller/TemplatesController.php in Malware Information Sharing Platform (MISP) before 2.3.92 does not properly restrict filenames under the tmp/files/ directory, which has unspecified impact a… | |||
| CVE-2015-8949 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login. | |||
| CVE-2015-0573 | critical | 9.8 | 9.8 | 10y ago | drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows at… | |||
| CVE-2015-7029 | critical | 9.8 | 9.8 | 10y ago | Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before 7.7.7 misparses DNS data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) vi… | |||
| CVE-2015-7988 | critical | 9.8 | 9.8 | 10y ago | The handle_regservice_request function in mDNSResponder before 625.41.2 allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via unspecified vecto… | |||
| CVE-2015-7987 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in mDNSResponder before 625.41.2 allow remote attackers to read or write to out-of-bounds memory locations via vectors involving the (1) GetValueForIPv4Addr, (2) GetValueFor… | |||
| CVE-2015-7695 | critical | 9.8 | 9.8 | 10y ago | Zend Framework SQL injection vector using null byte for PDO | |||
| CVE-2015-8880 | critical | 9.8 | 9.8 | 10y ago | Double free vulnerability in the format printer in PHP 7.x before 7.0.1 allows remote attackers to have an unspecified impact by triggering an error. | |||
| CVE-2015-8876 | critical | 9.8 | 9.8 | 10y ago | Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows remote attackers to cause a denial of service (NULL… | |||
| CVE-2015-8835 | critical | 9.8 | 9.8 | 10y ago | The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not properly retrieve keys, which allows remote attackers to cause a… | |||
| CVE-2015-5589 | critical | 9.8 | 9.8 | 10y ago | The phar_convert_to_other function in ext/phar/phar_object.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 does not validate a file pointer before a close operation, which allows… | |||
| CVE-2015-4643 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply t… | |||
| CVE-2015-4642 | critical | 9.8 | 9.8 | 10y ago | The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted… | |||
| CVE-2015-4603 | critical | 9.8 | 9.8 | 10y ago | The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpecte… | |||
| CVE-2015-4602 | critical | 9.8 | 9.8 | 10y ago | The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (applicat… | |||
| CVE-2015-4601 | critical | 9.8 | 9.8 | 10y ago | PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1… | |||
| CVE-2015-4600 | critical | 9.8 | 9.8 | 10y ago | The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary … | |||
| CVE-2015-4599 | critical | 9.8 | 9.8 | 10y ago | The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of servic… | |||
| CVE-2015-4116 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a f… | |||
| CVE-2015-6552 | critical | 9.8 | 9.8 | 10y ago | The management-services protocol implementation in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.… | |||
| CVE-2015-6550 | critical | 9.8 | 9.8 | 10y ago | bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through 7.6.0.4, 7.6.1.x through 7.6.1.2, and 7.7.x before 7.7.2 and NetBackup Appliance through 2.5.4, 2.6.0.x through 2.6.0.4, 2.6.1.x through… | |||
| CVE-2015-8863 | critical | 9.8 | 9.8 | 10y ago | Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow. | |||
| CVE-2015-0857 | critical | 9.8 | 9.8 | 10y ago | Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file. | |||
| CVE-2015-8812 | critical | 9.8 | 9.8 | 10y ago | drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2015-8779 | critical | 9.8 | 9.8 | 10y ago | Stack-based buffer overflow in the catopen function in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possib… | |||
| CVE-2015-8778 | critical | 9.8 | 9.8 | 10y ago | Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the s… | |||
| CVE-2015-7545 | critical | 9.8 | 9.8 | 10y ago | The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed prot… | |||
| CVE-2015-8841 | critical | 9.8 | 9.8 | 10y ago | Heap-based buffer overflow in the Archive support module in ESET NOD32 before update 11861 allows remote attackers to execute arbitrary code via a large number of languages in an EPOC installation fi… | |||
| CVE-2015-8833 | critical | 9.8 | 9.8 | 10y ago | Use-after-free vulnerability in the create_smp_dialog function in gtk-dialog.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 4.0.2 for Pidgin allows remote attackers to execute arbit… | |||
| CVE-2015-8710 | critical | 9.8 | 9.8 | 10y ago | The htmlParseComment function in HTMLparser.c in libxml2 allows attackers to obtain sensitive information, cause a denial of service (out-of-bounds heap memory access and application crash), or possi… | |||
| CVE-2015-8522 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-8521 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-8520 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-8519 | critical | 9.8 | 9.8 | 10y ago | Buffer overflow in the server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before 6.1.12.2 allows remote attackers to execute arbitrary code via a crafted command, a different vulnerability t… | |||
| CVE-2015-7261 | critical | 9.8 | 9.8 | 10y ago | The FTP service in QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage Station before 2.0.1, has hardcoded credentials, which makes it easier for remote attackers to obtain access via a… | |||
| CVE-2015-8277 | critical | 9.8 | 9.8 | 10y ago | Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in Flexera FlexNet Publisher before 11.13.1.2 Security Update 1 allow remote attackers to execute arbitrary code via a crafted packet with… | |||
| CVE-2015-8805 | critical | 9.8 | 9.8 | 10y ago | The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo… | |||
| CVE-2015-8804 | critical | 9.8 | 9.8 | 10y ago | x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-384 NIST elliptic curve, which allows attackers to… | |||
| CVE-2015-8803 | critical | 9.8 | 9.8 | 10y ago | The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not properly handle carry propagation and produces incorrect output in its implementation of the P-256 NIST elliptic curve, which allo… | |||
| CVE-2015-8286 | critical | 9.8 | 9.8 | 10y ago | Zhuhai RaySharp firmware has a hardcoded root password, which makes it easier for remote attackers to obtain access via a session on TCP port 23 or 9000. | |||
| CVE-2015-8360 | critical | 9.8 | 9.8 | 10y ago | An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x before 5.10.0 allows remote attackers to execute arbitrary Java code via serialized data to the JMS port. | |||
| CVE-2015-3252 | critical | 9.8 | 9.8 | 10y ago | Apache CloudStack before 4.5.2 does not properly preserve VNC passwords when migrating KVM virtual machines, which allows remote attackers to gain access by connecting to the VNC server. | |||
| CVE-2015-8787 | critical | 9.8 | 9.8 | 11y ago | The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c in the Linux kernel before 4.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or… | |||
| CVE-2015-7915 | critical | 9.8 | 9.8 | 11y ago | Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network. | |||
| CVE-2015-5344 | critical | 9.8 | 9.8 | 11y ago | Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands | |||
| CVE-2015-6319 | critical | 9.8 | 9.8 | 11y ago | SQL injection vulnerability in the web-based management interface on Cisco RV220W devices allows remote attackers to execute arbitrary SQL commands via a crafted header in an HTTP request, aka Bug ID… | |||
| CVE-2015-8362 | critical | 9.8 | 9.8 | 11y ago | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access… | |||
| CVE-2015-6435 | critical | 9.8 | 9.8 | 11y ago | An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows r… |