CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5551 CVE-2015-5094 119 DoS Exec Code Overflow Mem. Corr. 2015-07-15 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5087, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
5552 CVE-2015-5093 119 Exec Code Overflow 2015-07-15 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.
5553 CVE-2015-5087 119 DoS Exec Code Overflow Mem. Corr. 2015-07-15 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3095, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, and CVE-2015-5115.
5554 CVE-2015-5086 254 Bypass 2015-07-15 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085.
5555 CVE-2015-5085 254 Bypass 2015-07-15 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5086.
5556 CVE-2015-5082 77 Exec Code 2015-09-28 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi.
5557 CVE-2015-5080 77 Exec Code 2015-07-16 2016-12-07
9.0
None Remote Low Single system Complete Complete Complete
The Management Interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.1 before 10.1.132.8, 10.5 before Build 56.15, and 10.5.e before Build 56.1505.e allows remote authenticated users to execute arbitrary shell commands via shell metacharacters in the filter parameter to rapi/ipsec_logs.
5558 CVE-2015-5053 284 DoS +Priv 2015-11-24 2015-11-25
10.0
None Remote Low Not required Complete Complete Complete
The host memory mapping path feature in the NVIDIA GPU graphics driver R346 before 346.87 and R352 before 352.41 for Linux and R352 before 352.46 for GRID vGPU and vSGA does not properly restrict access to third-party device IO memory, which allows attackers to gain privileges, cause a denial of service (resource consumption), or possibly have unspecified other impact via unknown vectors related to the follow_pfn kernel-mode API call.
5559 CVE-2015-5014 20 2015-10-25 2015-10-26
9.3
None Remote Medium Not required Complete Complete Complete
IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 IF10 allows man-in-the-middle attackers to obtain access by spoofing an executable file during a client upload operation.
5560 CVE-2015-4947 119 Exec Code Overflow 2015-09-15 2016-12-21
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the Administration Server in IBM HTTP Server 6.1.0.x through 6.1.0.47, 7.0.0.x before 7.0.0.39, 8.0.0.x before 8.0.0.12, and 8.5.x before 8.5.5.7, as used in WebSphere Application Server and other products, allows remote authenticated users to execute arbitrary code via unspecified vectors.
5561 CVE-2015-4935 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4934.
5562 CVE-2015-4934 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, and CVE-2015-4935.
5563 CVE-2015-4933 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, and CVE-2015-4935.
5564 CVE-2015-4932 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
5565 CVE-2015-4931 119 Exec Code Overflow 2015-08-03 2016-12-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, and CVE-2015-4935.
5566 CVE-2015-4930 77 Exec Code 2015-10-03 2016-11-28
9.0
None Remote Low Single system Complete Complete Complete
IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges by leveraging admin access.
5567 CVE-2015-4915 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Management.
5568 CVE-2015-4901 2015-10-21 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
5569 CVE-2015-4883 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4860.
5570 CVE-2015-4881 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4835.
5571 CVE-2015-4863 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
5572 CVE-2015-4860 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI, a different vulnerability than CVE-2015-4883.
5573 CVE-2015-4844 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
5574 CVE-2015-4843 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
5575 CVE-2015-4839 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798.
5576 CVE-2015-4835 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA, a different vulnerability than CVE-2015-4881.
5577 CVE-2015-4821 2015-10-21 2016-12-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web.
5578 CVE-2015-4805 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Serialization.
5579 CVE-2015-4798 2015-10-21 2016-12-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4839.
5580 CVE-2015-4796 2015-10-21 2016-12-23
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4888.
5581 CVE-2015-4794 2015-10-21 2016-12-23
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
5582 CVE-2015-4760 2015-07-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
5583 CVE-2015-4736 2015-07-16 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
5584 CVE-2015-4733 2015-07-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
5585 CVE-2015-4732 2015-07-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and Java SE Embedded 7u75 and 8u33 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2015-2590.
5586 CVE-2015-4731 2015-07-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java SE Embedded 7u75; and Java SE Embedded 8u33 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JMX.
5587 CVE-2015-4718 78 Exec Code 2015-10-21 2015-10-22
9.0
None Remote Low Single system Complete Complete Complete
The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 allows remote authenticated users to execute arbitrary SMB commands via a ; (semicolon) character in a file.
5588 CVE-2015-4716 22 Exec Code Dir. Trav. 2015-10-21 2016-12-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the routing component in ownCloud Server before 7.0.6 and 8.0.x before 8.0.4, when running on Windows, allows remote attackers to reinstall the application or execute arbitrary code via unspecified vectors.
5589 CVE-2015-4674 345 Exec Code 2015-08-06 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows relies on unsigned installer files that are retrieved without use of SSL, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.
5590 CVE-2015-4650 264 Exec Code +Priv 2017-10-16 2017-11-01
10.0
None Remote Low Not required Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors.
5591 CVE-2015-4649 284 +Priv 2017-08-29 2017-08-31
9.0
None Remote Low Single system Complete Complete Complete
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than CVE-2015-3654.
5592 CVE-2015-4642 78 Exec Code 2016-05-16 2017-09-21
10.0
None Remote Low Not required Complete Complete Complete
The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 on Windows allows remote attackers to execute arbitrary OS commands via a crafted string to an application that accepts command-line arguments for a call to the PHP system function.
5593 CVE-2015-4603 Exec Code 2016-05-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
5594 CVE-2015-4602 DoS Exec Code 2016-05-16 2019-04-22
10.0
None Remote Low Not required Complete Complete Complete
The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
5595 CVE-2015-4601 DoS Exec Code 2016-05-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
PHP before 5.6.7 might allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in (1) ext/soap/php_encoding.c, (2) ext/soap/php_http.c, and (3) ext/soap/soap.c, a different issue than CVE-2015-4600.
5596 CVE-2015-4600 DoS Exec Code 2016-05-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an unexpected data type, related to "type confusion" issues in the (1) SoapClient::__getLastRequest, (2) SoapClient::__getLastResponse, (3) SoapClient::__getLastRequestHeaders, (4) SoapClient::__getLastResponseHeaders, (5) SoapClient::__getCookies, and (6) SoapClient::__setCookie methods.
5597 CVE-2015-4599 DoS Exec Code +Info 2016-05-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information, cause a denial of service (application crash), or possibly execute arbitrary code via an unexpected data type, related to a "type confusion" issue.
5598 CVE-2015-4545 264 Bypass 2015-12-21 2016-11-28
9.0
Admin Remote Low Single system Complete Complete Complete
EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 before 7.2.1.1 allows remote authenticated administrators to bypass a SmartLock root-login restriction by creating a root account and establishing a login session.
5599 CVE-2015-4544 264 2015-09-03 2016-12-21
9.0
None Remote Low Single system Complete Complete Complete
EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 does not properly verify authorization for dm_job object access, which allows remote authenticated users to obtain superuser privileges via crafted object operations. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-4626.
5600 CVE-2015-4534 20 Exec Code 2015-08-20 2017-09-20
9.0
None Remote Low Single system Complete Complete Complete
Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02 allows remote authenticated users to execute arbitrary code by forging a signature for a query string that lacks the method_verb parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.