CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6151 CVE-2015-1497 94 2 Exec Code 2015-02-16 2017-09-02
10.0
None Remote Low Not required Complete Complete Complete
radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, 8.1, 9.0, and 9.1 allows remote attackers to execute arbitrary commands via a crafted request to TCP port 3465.
6152 CVE-2015-1474 189 DoS Overflow +Priv Mem. Corr. 2015-02-15 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values.
6153 CVE-2015-1469 264 +Priv 2015-02-03 2015-02-04
9.0
None Remote Low Single system Complete Complete Complete
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP response, a different vulnerability than CVE-2015-0929 and CVE-2015-0930.
6154 CVE-2015-1449 119 Exec Code Overflow 2015-02-02 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the integrated web server on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to execute arbitrary code via unspecified vectors.
6155 CVE-2015-1448 264 Bypass 2015-02-02 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
The integrated management service on Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, WIN52xx devices with firmware before SS4.4.4624.35, WIN70xx devices with firmware before BS4.4.4621.32, and WIN72xx devices with firmware before BS4.4.4621.32 allows remote attackers to bypass authentication and perform administrative actions via unspecified vectors.
6156 CVE-2015-1445 113 2017-08-28 2017-09-07
9.0
None Remote Low Single system Complete Complete Complete
HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30.
6157 CVE-2015-1443 20 Exec Code 2017-08-28 2017-09-06
9.0
None Remote Low Single system Complete Complete Complete
The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allows remote attackers to execute arbitrary code.
6158 CVE-2015-1421 DoS 2015-03-16 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
6159 CVE-2015-1418 200 Exec Code +Info 2018-02-05 2018-04-06
9.3
None Remote Medium Not required Complete Complete Complete
The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program.
6160 CVE-2015-1416 264 Exec Code 2018-02-05 2018-03-13
9.3
None Remote Medium Not required Complete Complete Complete
Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow remote attackers to execute arbitrary shell commands via a crafted patch file.
6161 CVE-2015-1329 416 Exec Code 2017-09-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in oxide-qt in Ubuntu 15.04 and 14.04 LTS might allow remote attackers to execute arbitrary code.
6162 CVE-2015-1326 20 2019-04-22 2019-04-27
9.3
None Remote Medium Not required Complete Complete Complete
python-dbusmock before version 0.15.1 AddTemplate() D-Bus method call or DBusTestCase.spawn_server_template() method could be tricked into executing malicious code if an attacker supplies a .pyc file.
6163 CVE-2015-1311 94 2015-01-22 2018-12-10
10.0
None Remote Low Not required Complete Complete Complete
The Extended Application Services (XS) in SAP HANA allows remote attackers to inject arbitrary ABAP code via unspecified vectors, aka SAP Note 2098906. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
6164 CVE-2015-1290 119 DoS Exec Code Overflow Mem. Corr. 2018-01-09 2018-02-02
9.3
None Remote Medium Not required Complete Complete Complete
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
6165 CVE-2015-1188 264 2015-05-20 2015-05-21
10.0
None Remote Low Not required Complete Complete Complete
The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors.
6166 CVE-2015-1187 287 Exec Code 2017-09-21 2017-10-05
10.0
None Remote Low Not required Complete Complete Complete
The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.
6167 CVE-2015-1171 119 Exec Code Overflow 2015-08-28 2015-08-31
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
6168 CVE-2015-1158 254 2015-06-26 2017-09-22
10.0
None Remote Low Not required Complete Complete Complete
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
6169 CVE-2015-1132 20 +Priv 2015-04-10 2015-09-17
10.0
None Remote Low Not required Complete Complete Complete
fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135.
6170 CVE-2015-1066 189 Exec Code 2015-03-12 2015-09-11
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 allows attackers to execute arbitrary code in a privileged context via a crafted app.
6171 CVE-2015-1061 94 Exec Code 2015-03-12 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and Apple TV before 7.1 allows attackers to execute arbitrary code in a privileged context via a crafted app that leverages "type confusion" during serialized-object handling.
6172 CVE-2015-1007 119 Exec Code Overflow 2019-03-25 2019-04-04
9.3
None Remote Medium Not required Complete Complete Complete
A specially crafted configuration file could be used to cause a stack-based buffer overflow condition in the OPCTest.exe, which may allow remote code execution on Opto 22 PAC Project Professional versions prior to R9.4008, PAC Project Basic versions prior to R9.4008, PAC Display Basic versions prior to R9.4g, PAC Display Professional versions prior to R9.4g, OptoOPCServer version R9.4c and prior that were installed by PAC Project installer, versions prior to R9.4008, and OptoDataLink version R9.4d and prior that were installed by PAC Project installer, versions prior to R9.4008. Opto 22 suggests upgrading to the new product version as soon as possible.
6173 CVE-2015-1006 119 Exec Code Overflow 2019-05-10 2019-05-10
10.0
None Remote Low Not required Complete Complete Complete
A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible.
6174 CVE-2015-1001 119 Exec Code Overflow 2015-10-24 2015-10-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka eWebServer) before 2.02 allow remote attackers to execute arbitrary code via a long field in an HTTP request.
6175 CVE-2015-0984 22 Dir. Trav. 2015-03-30 2016-04-06
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the FTP server on Honeywell Excel Web XL1000C50 52 I/O, XL1000C100 104 I/O, XL1000C500 300 I/O, XL1000C1000 600 I/O, XL1000C50U 52 I/O UUKL, XL1000C100U 104 I/O UUKL, XL1000C500U 300 I/O UUKL, and XL1000C1000U 600 I/O UUKL controllers before 2.04.01 allows remote attackers to read files under the web root, and consequently obtain administrative login access, via a crafted pathname.
6176 CVE-2015-0980 20 Exec Code 2015-03-13 2015-03-16
9.0
None Remote Low Not required Partial Partial Complete
Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string specifiers in a request.
6177 CVE-2015-0979 119 Exec Code Overflow 2015-03-13 2015-03-16
9.0
None Remote Low Not required Partial Partial Complete
Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet.
6178 CVE-2015-0977 78 Exec Code 2015-02-26 2015-02-27
10.0
None Remote Low Not required Complete Complete Complete
Network Vision IntraVue before 2.3.0a14 on Windows allows remote attackers to execute arbitrary OS commands via unspecified vectors.
6179 CVE-2015-0932 264 2015-04-04 2015-04-15
10.0
None Remote Low Not required Complete Complete Complete
The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
6180 CVE-2015-0930 255 2015-02-03 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
The web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a100 has a hardcoded administrative password, which makes it easier for remote attackers to obtain access via an HTTP session.
6181 CVE-2015-0929 284 Bypass 2015-02-03 2015-02-04
10.0
None Remote Low Not required Complete Complete Complete
time.htm in the web interface on SerVision HVG Video Gateway devices with firmware before 2.2.26a78 allows remote attackers to bypass authentication and obtain administrative access by leveraging a cookie received in an HTTP response.
6182 CVE-2015-0925 94 Exec Code 2015-01-22 2015-01-23
9.0
None Remote Low Single system Complete Complete Complete
The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.
6183 CVE-2015-0857 77 Exec Code 2016-05-06 2016-05-09
10.0
None Remote Low Not required Complete Complete Complete
Cool Projects TarDiff allows remote attackers to execute arbitrary commands via shell metacharacters in the name of a (1) tar file or (2) file within a tar file.
6184 CVE-2015-0855 94 Exec Code 2017-03-23 2017-04-03
10.0
None Remote Low Not required Complete Complete Complete
The _mediaLibraryPlayCb function in mainwindow.py in pitivi before 0.95 allows attackers to execute arbitrary code via shell metacharacters in a file path.
6185 CVE-2015-0854 19 Exec Code 2016-12-29 2017-01-03
9.3
None Remote Medium Not required Complete Complete Complete
App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Show in Folder" action.
6186 CVE-2015-0853 20 Exec Code 2017-09-06 2017-09-11
9.3
None Remote Medium Not required Complete Complete Complete
svn-workbench 1.6.2 and earlier on a system with xeyes installed allows local users to execute arbitrary commands by using the "Command Shell" menu item while in the directory trunk/$(xeyes).
6187 CVE-2015-0850 20 Exec Code 2015-06-02 2015-06-03
10.0
None Remote Low Not required Complete Complete Complete
The Git plugin for FusionForge before 6.0rc4 allows remote attackers to execute arbitrary code via an unspecified parameter when creating a secondary Git repository.
6188 CVE-2015-0786 119 Exec Code Overflow 2017-08-09 2017-08-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecified vectors.
6189 CVE-2015-0779 22 Exec Code Dir. Trav. 2015-06-07 2015-06-08
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
6190 CVE-2015-0721 264 Bypass 2016-10-06 2017-07-29
9.0
None Remote Low Single system Complete Complete Complete
Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492.
6191 CVE-2015-0713 264 Exec Code 2015-05-24 2015-05-26
9.0
Admin Remote Low Single system Complete Complete Complete
The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855.
6192 CVE-2015-0702 434 Exec Code 2015-04-20 2017-01-06
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in the Custom Prompts upload implementation in Cisco Unified MeetingPlace 8.6(1.9) allows remote authenticated users to execute arbitrary code by using the languageShortName parameter to upload a file that provides shell access, aka Bug ID CSCus95712.
6193 CVE-2015-0701 20 Exec Code 2015-05-06 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Cisco UCS Central Software before 1.3(1a) allows remote attackers to execute arbitrary commands via a crafted HTTP request, aka Bug ID CSCut46961.
6194 CVE-2015-0691 78 Exec Code 2015-04-16 2017-01-06
9.3
None Remote Medium Not required Complete Complete Complete
A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001.
6195 CVE-2015-0653 287 Bypass 2015-03-12 2019-06-11
10.0
None Remote Low Not required Complete Complete Complete
The management interface in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway before X7.2.4, X8 before X8.1.2, and X8.2 before X8.2.2 and Cisco TelePresence Conductor before X2.3.1 and XC2.4 before XC2.4.1 allows remote attackers to bypass authentication via crafted login parameters, aka Bug IDs CSCur02680 and CSCur05556.
6196 CVE-2015-0635 20 DoS Bypass 2015-03-26 2015-10-01
9.0
None Remote Low Not required Partial Partial Complete
The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Autonomic Networking Registration Authority (ANRA) responses, and consequently bypass intended device and node access restrictions or cause a denial of service (disrupted domain access), via crafted AN messages, aka Bug ID CSCup62191.
6197 CVE-2015-0589 20 Exec Code 2015-02-07 2017-09-07
9.0
None Remote Low Single system Complete Complete Complete
The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug ID CSCuj40460.
6198 CVE-2015-0575 326 2017-08-18 2017-08-21
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration.
6199 CVE-2015-0574 20 2017-08-18 2018-04-18
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient.
6200 CVE-2015-0573 476 DoS 2016-08-07 2016-08-11
10.0
None Remote Low Not required Complete Complete Complete
drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via a crafted application that makes a TSC_GET_CARD_STATUS ioctl call.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.