CVE Daily
← All years

All CVEs — 2015

Page 4/32.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2015-11-20
Medium

CVE-2015-7771

Cross-site scripting (XSS) vulnerability in the runtime engine in the Newphoria applican framework before 1.13.0 for Android and iOS allows remote attackers to inject arbitrary web script or HTML via…

CVSS: 4.3 CWE: CWE-79
Read more
2015-11-19
High

CVE-2015-8083

An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V200R003C00SPC300 does not properly initialize memory when processing timeout…

CVSS: 7.8 CWE: CWE-119
Read more
Medium

CVE-2015-7984

Multiple cross-site request forgery (CSRF) vulnerabilities in Horde before 5.2.8, Horde Groupware before 5.2.11, and Horde Groupware Webmail Edition before 5.2.11 allow remote attackers to hijack the…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2015-7845

The exception handling mechanism in the CLI Module in Huawei eSpace U1910, U1911, U1930, U1960, U1980, and U1981 unified gateways with software before V100R001C20SPH605 allows remote attackers to cau…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2015-7385

Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard before 2.0.0-rev11 allows remote attackers to inject arbitrary web script or HTML via the uid field in a PGP public key, which is not…

CVSS: 4.3 CWE: CWE-79
Read more
Low

CVE-2015-0794

modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.

CVSS: 3.6 CWE: CWE-59
Read more
Medium

CVE-2014-9756

The psf_fwrite function in file_io.c in libsndfile allows attackers to cause a denial of service (divide-by-zero error and application crash) via unspecified vectors related to the headindex variable.

CVSS: 5.0 CWE: CWE-369
Read more
High

CVE-2015-7910

Exemys Telemetry Web Server relies on an HTTP Location header to indicate that a client is unauthorized, which allows remote attackers to bypass intended access restrictions by disregarding this head…

CVSS: 7.8 CWE: CWE-200
Read more
Medium

CVE-2015-6374

The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2015-6371

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote authenticated users to read arbitrary files via crafted parameters to unspecified scripts, aka Bug ID CS…

CVSS: 4.0 CWE: CWE-200
Read more
High

CVE-2015-6370

The Management I/O (MIO) component in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows local users to execute arbitrary OS commands as root via crafted CLI inpu…

CVSS: 7.2 CWE: CWE-78
Read more
Medium

CVE-2015-6369

The USB driver in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows physically proximate attackers to cause a denial of service via a crafted USB device that tri…

CVSS: 4.9 CWE: CWE-20
Read more
Medium

CVE-2015-6368

Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to read files via a crafted HTTP request, aka Bug ID CSCux10608.

CVSS: 5.0 CWE: CWE-200
Read more
2015-11-18
Medium

CVE-2015-8090

The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows remote authenticated users to gain privileges, and consequently obtain sensitive information, via an HTTP request.

CVSS: 4.0 CWE: CWE-200
Read more
Medium

CVE-2015-8053

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a diffe…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2015-8052

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 18 and 11 before Update 7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a diffe…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2015-5255

Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before Update 7 and LiveCycle Data Services 3.0.x before 3.0.0.354175, 3.1.x before 3.1.0.354180, 4.5.x before 4.5.1.354177, 4.6.2.x be…

CVSS: 4.3 CWE: CWE-20
Read more
Medium

CVE-2015-8023

The server implementation of the EAP-MSCHAPv2 protocol in the eap-mschapv2 plugin in strongSwan 4.2.12 through 5.x before 5.3.4 does not properly validate local state, which allows remote attackers t…

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2015-7942

The xmlParseConditionalSections function in parser.c in libxml2 does not properly skip intermediary entities when it stops parsing invalid input, which allows context-dependent attackers to cause a d…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2015-7941

libxml2 2.9.2 does not properly stop parsing invalid input, which allows context-dependent attackers to cause a denial of service (out-of-bounds read and libxml2 crash) via crafted XML data to the (1…

CVSS: 4.3 CWE: CWE-119
Read more
Medium

CVE-2015-5999

Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Link DIR-816L Wireless Router with firmware before 2.06.B09_BETA allow remote attackers to hijack the authentication of administrat…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2015-6373

Cross-site request forgery (CSRF) vulnerability in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to hijack the authentication of arbitrary u…

CVSS: 6.8 CWE: CWE-352
Read more
Medium

CVE-2015-6372

Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices allows remote attackers to inject ar…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protoc…

CVSS: 9.8 CWE: CWE-502
Read more
Low

CVE-2015-6847

The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 stores cleartext NAVISPHERE GUI passwords in a log file, which allows local users to obtain sensitive information by reading this…

CVSS: 2.1 CWE: CWE-200
Read more
Medium

CVE-2015-6357

The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 through 5.4.0.1 does not verify the X.509 certificate of the support.sourcefire.com SSL server, which allows man-in-the-middle at…

CVSS: 6.8 CWE: CWE-20
Read more
Medium

CVE-2015-6330

Cross-site request forgery (CSRF) vulnerability in Cisco Prime Collaboration Assurance 10.5(1) and 10.6 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCus62712.

CVSS: 6.8 CWE: CWE-352
Read more
2015-11-17
Low

CVE-2015-8233

Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x before 7.x-1.4 and 7.x-2.x before 7.x-2.6 for Drupal allows remote administrators with the "Administer themes" permission to inject…

CVSS: 2.6 CWE: CWE-79
Read more
Medium

CVE-2015-8232

The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not properly check access to profiles in certain circumstances, which might allow remote attackers to obtain sensitive information from th…

CVSS: 4.3 CWE: CWE-200
Read more
Critical

CVE-2015-8221

Integer overflow in Google Picasa before 3.9.140 Build 259 allows remote attackers to execute arbitrary code via the CAMF section in a FOVb image, which triggers a heap-based buffer overflow.

CVSS: 10.0 CWE: CWE-119
Read more
High

CVE-2015-8220

Stack-based buffer overflow in the URI handler in DWRCC.exe in SolarWinds DameWare Mini Remote Control before 12.0 HotFix 1 allows remote attackers to execute arbitrary code via a crafted commandline…

CVSS: 7.5 CWE: CWE-119
Read more
Medium

CVE-2015-7998

The administration UI in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler…

CVSS: 5.0 CWE: CWE-200
Read more
Medium

CVE-2015-7997

Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11,…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2015-7996

The Nitro API in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 133.9, 10.5 before Build 58.11, and 10.5.e before Build 56.1505.e on NetScaler Service…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2015-7805

Heap-based buffer overflow in libsndfile 1.0.25 allows remote attackers to have unspecified impact via the headindex value in the header in an AIFF file.

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2015-5311

PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.

CVSS: 5.0 CWE: CWE-20
Read more
Medium

CVE-2015-5276

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent…

CVSS: 5.0 CWE: CWE-200
Read more
High

CVE-2015-8219

The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before 2.8.2 does not enforce minimum-value and maximum-value constraints on tile coordinates, which allows remote attackers to cause a de…

CVSS: 7.5 CWE: CWE-20
Read more
Medium

CVE-2015-8218

The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg before 2.8.2 does not validate uncompressed runs, which allows remote attackers to cause a denial of service (out-of-bounds array a…

CVSS: 6.8 CWE: CWE-20
Read more
High

CVE-2015-8217

The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg before 2.8.2 does not validate the Chroma Format Indicator, which allows remote attackers to cause a denial of service (out-of-bounds…

CVSS: 7.5 CWE: CWE-20
Read more
2015-11-16
Medium

CVE-2015-8215

net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packe…

CVSS: 5.0 CWE: CWE-20
Read more
Low

CVE-2015-2924

The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit sett…

CVSS: 3.3 CWE: CWE-20
Read more
High

CVE-2015-7897

The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial o…

CVSS: 7.5 CWE: CWE-119
Read more
High

CVE-2015-7815

Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.

CVSS: 7.5 CWE: CWE-22
Read more
Low

CVE-2015-7872

The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.

CVSS: 2.1 CWE: CWE-20
Read more
Medium

CVE-2015-7312

Multiple race conditions in the Advanced Union Filesystem (aufs) aufs3-mmap.patch and aufs4-mmap.patch patches for the Linux kernel 3.x and 4.x allow local users to cause a denial of service (use-aft…

CVSS: 4.4 CWE: CWE-362
Read more
2015-11-15
Medium

CVE-2015-7830

The pcapng_read_if_descr_block function in wiretap/pcapng.c in the pcapng parser in Wireshark 1.12.x before 1.12.8 uses too many levels of pointer indirection, which allows remote attackers to cause…

CVSS: 4.3 CWE: CWE-20
Read more
High

CVE-2015-3977

Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before 1.500.004 for the HART Protocol allows remote authenticated users to execute arbitrary code or cause a denial of service (memory c…

CVSS: 7.7 CWE: CWE-119
Read more
2015-11-14
Medium

CVE-2015-7774

PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows remote authenticated users to execute arbitrary OS commands by leveraging the editor role.

CVSS: 6.5 CWE: CWE-78
Read more
Medium

CVE-2015-7427

IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, 6.0.1.x before 6.0.1.17, 7.x before 7.0.0.10, 7.1.0.x before 7.1.0.7, and 7.2.x before 7.2.0.1 do not set the secure flag for unspe…

CVSS: 5.0 CWE: CWE-200
Read more
Low

CVE-2015-7404

IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.…

CVSS: 1.9 CWE: CWE-200
Read more
Medium

CVE-2015-6365

Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs supersede virtual PPP interface ACLs, which allows remote authenticated users to bypass intended network-traffic restrictions in opportu…

CVSS: 4.0 CWE: CWE-20
Read more
Medium

CVE-2015-6364

Cisco Content Delivery System Manager Software 3.2 on Videoscape Distribution Suite Service Manager allows remote attackers to obtain sensitive information via crafted URLs in REST API requests, aka…

CVSS: 5.0 CWE: CWE-200
Read more
2015-11-13
High

CVE-2015-8126

Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64, 1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x…

CVSS: 7.5 CWE: CWE-120
Read more
High

CVE-2015-7905

Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to execute unspecified code via unknown vectors.

CVSS: 7.5 CWE: CWE-94
Read more
Medium

CVE-2015-6478

Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict access to ActiveX controls, which allows remote attackers to have an unspecified impact via a crafted web site.

CVSS: 6.8 CWE: CWE-284
Read more
Medium

CVE-2015-6366

Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs supersede tunnel-interface ACLs, which allows remote attackers to bypass intended network-traffic restrictions in opportunistic circums…

CVSS: 5.0 CWE: CWE-284
Read more
High

CVE-2015-2698

The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) 1.14 pre-release 2015-09-14 improperly accesses a certain pointer, which allows remote authenticate…

CVSS: 8.5 CWE: CWE-119
Read more
2015-11-12
High

CVE-2015-7820

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privilege…

CVSS: 7.1 CWE: CWE-362
Read more
High

CVE-2015-7817

Race condition in the administration-panel web service in IBM System Networking Switch Center (SNSC) before 7.3.1.5 and Lenovo Switch Center before 8.1.2.0 allows remote attackers to obtain privilege…

CVSS: 7.1 CWE: CWE-362
Read more
High

CVE-2015-6555

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary Java code by connecting to the console Java port.

CVSS: 8.5 CWE: CWE-94
Read more
High

CVE-2015-6554

Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 allows remote attackers to execute arbitrary OS commands via crafted data.

CVSS: 7.5 CWE: CWE-78
Read more
Low

CVE-2015-6363

Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco FireSIGHT Management Center (MC) 5.4.1.4 and 6.0.1 allow remote authenticated users to inject arbitrary web script or…

CVSS: 3.5 CWE: CWE-79
Read more
Medium

CVE-2015-5441

Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight Management Center before 2.1 and ArcSight Logger before 6.1 allow remote attackers to inject arbitrary web script or HTML via unspec…

CVSS: 4.3 CWE: CWE-79
Read more
2015-11-11
Medium

CVE-2015-6123

Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mis…

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2015-6115

Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass."

CVSS: 4.3 CWE: CWE-200
Read more
Medium

CVE-2015-6112

SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required ext…

CVSS: 5.8 CWE: CWE-20
Read more
Low

CVE-2015-6109

The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driv…

CVSS: 2.1 CWE: CWE-200
Read more
Critical

CVE-2015-6104

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2015-6103

The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and…

CVSS: 9.3 CWE: CWE-20
Read more
Low

CVE-2015-6102

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and…

CVSS: 2.1 CWE: CWE-200
Read more
Medium

CVE-2015-6099

Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka "…

CVSS: 4.3 CWE: CWE-79
Read more
High

CVE-2015-6098

Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privile…

CVSS: 7.2 CWE: CWE-119
Read more
Critical

CVE-2015-6097

Heap-based buffer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted Jou…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2015-6096

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction wit…

CVSS: 4.3 CWE: CWE-200
Read more
Critical

CVE-2015-6094

Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arb…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6093

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Office…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6092

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code vi…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6091

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Word Viewer allow remote attackers to execute arbitrary code via a crafted Office document, ak…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6089

The Microsoft (1) VBScript and (2) JScript engines, as used in Internet Explorer 8 through 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2015-6088

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."

CVSS: 4.3 CWE: CWE-200
Read more
Critical

CVE-2015-6087

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2015-6086

Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerabilit…

CVSS: 4.3 CWE: CWE-200
Read more
Critical

CVE-2015-6085

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6084

Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corrupti…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6082

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6081

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6080

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6079

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6078

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6077

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6076

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6075

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6074

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6073

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6072

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6071

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6070

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6069

Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6068

Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6066

Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6065

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-6064

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows…

CVSS: 9.3 CWE: CWE-119
Read more
Medium

CVE-2015-6061

Cross-site scripting (XSS) vulnerability in Microsoft Skype for Business 2016, Lync 2010 and 2013 SP1, Lync 2010 Attendee, and Lync Room System allows remote attackers to inject arbitrary web script…

CVSS: 4.3 CWE: CWE-79
Read more
Critical

CVE-2015-6038

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, and Excel Services on Sha…

CVSS: 9.3 CWE: CWE-119
Read more
Critical

CVE-2015-2427

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne…

CVSS: 9.3 CWE: CWE-119
Read more
High

CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended em…

CVSS: 7.5 CWE: CWE-20
Read more
2015-11-10
Low

CVE-2015-8105

Cross-site scripting (XSS) vulnerability in program/js/app.js in Roundcube webmail before 1.0.7 and 1.1.x before 1.1.3 allows remote authenticated users to inject arbitrary web script or HTML via the…

CVSS: 3.5 CWE: CWE-79
Read more
High

CVE-2015-7994

The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "SQL Login," aka SAP Security Note 2197428.

CVSS: 7.5 CWE: CWE-20
Read more
High

CVE-2015-7993

The Extended Application Services (aka XS or XS Engine) in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to execute arbitrary code via unspecified vectors related to "HTTP Logi…

CVSS: 7.5 CWE: CWE-20
Read more
Medium

CVE-2015-7992

SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to cause a denial of service (memory corruption and indexserver crash) via unspecified vectors to the EXECUTE_SEARCH_RUL…

CVSS: 4.0 CWE: CWE-119
Read more
Medium

CVE-2015-7991

The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers to read web dispatcher and security trace files and possibly obtain passwords via unspecified vector…

CVSS: 5.0 CWE: CWE-200
Read more
Critical

CVE-2015-7828

SAP HANA Database 1.00 SPS10 and earlier do not require authentication, which allows remote attackers to execute arbitrary code or have unspecified other impact via a TrexNet packet to the (1) fcopyd…

CVSS: 10.0 CWE: CWE-20
Read more
Medium

CVE-2015-5214

LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary co…

CVSS: 6.8 CWE: CWE-119
Read more
Medium

CVE-2015-5212

Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2, when the configuration setting "Load printer settings with the document" is enabled, allows remote attackers to cause…

CVSS: 6.8 CWE: CWE-191
Read more
Medium

CVE-2015-4551

LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the stored LinkUpdateMode configuration information in OpenDocument Format files and templates when handling links, which might allow…

CVSS: 4.3 CWE: CWE-200
Read more
Low

CVE-2015-8100

The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for snmpd.conf, which allows local users to obtain sensitive community information by reading this file.

CVSS: 2.1 CWE: CWE-200
Read more
2015-11-09
Medium

CVE-2015-8007

The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demon…

CVSS: 4.0 CWE: CWE-200
Read more
Medium

CVE-2015-8006

Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in the PageTriage extension for MediWiki allows remote attackers to inject arbitrary web script or HTML via the page title.

CVSS: 4.3 CWE: CWE-79
Read more
Medium

CVE-2015-8005

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 uses the thumbnail ImageMagick command line argument, which allows remote attackers to obtain the installation path by reading…

CVSS: 5.0 CWE: CWE-200
Read more