CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 8 and 10)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
6401 CVE-2015-2389 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1733 and CVE-2015-2411.
6402 CVE-2015-2388 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-1738.
6403 CVE-2015-2385 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2390, CVE-2015-2397, CVE-2015-2404, CVE-2015-2406, and CVE-2015-2422.
6404 CVE-2015-2384 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2383 and CVE-2015-2425.
6405 CVE-2015-2383 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2384 and CVE-2015-2425.
6406 CVE-2015-2380 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, and Word 2013 RT SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
6407 CVE-2015-2379 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
6408 CVE-2015-2377 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
6409 CVE-2015-2376 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Office for Mac 2011, Excel Viewer 2007 SP3, Office Compatibility Pack SP3, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, and Excel Services on SharePoint Server 2013 SP1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
6410 CVE-2015-2373 19 Exec Code 2015-07-14 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Remote Desktop Protocol (RDP) server service in Microsoft Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a series of crafted packets, aka "Remote Desktop Protocol (RDP) Remote Code Execution Vulnerability."
6411 CVE-2015-2372 119 DoS Exec Code Overflow Mem. Corr. 2015-07-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
6412 CVE-2015-2342 Exec Code 2015-10-12 2018-08-11
10.0
None Remote Low Not required Complete Complete Complete
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.
6413 CVE-2015-2284 264 Exec Code +Priv 2015-03-24 2015-03-25
10.0
None Remote Low Not required Complete Complete Complete
userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before 6.6.5 HotFix1 allows remote attackers to gain privileges and execute arbitrary code via unspecified vectors, related to client session handling.
6414 CVE-2015-2280 78 Exec Code 2017-07-24 2018-10-09
9.0
None Remote Low Single system Complete Complete Complete
snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera with firmware FW_AIC1620W_1.1.0-12_20120709_r1192.pck allows remote authenticated users to execute arbitrary OS commands via shell metacharacters in the mac parameter.
6415 CVE-2015-2279 78 Exec Code 2017-07-24 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac, write_pid, write_msn, write_tan, or write_hdv parameter.
6416 CVE-2015-2252 94 Exec Code 2017-06-08 2017-06-20
9.3
None Remote Medium Not required Complete Complete Complete
Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to execute arbitrary code with root privileges via a crafted UDS patch with shell scripts.
6417 CVE-2015-2247 2015-04-10 2015-04-13
8.3
None Local Network Low Not required Complete Complete Complete
Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal.
6418 CVE-2015-2233 310 2015-05-12 2016-12-02
8.3
None Local Network Low Not required Complete Complete Complete
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate.
6419 CVE-2015-2180 74 Exec Code 2017-01-30 2018-10-30
9.0
None Remote Low Single system Complete Complete Complete
The DBMail driver in the Password plugin in Roundcube before 1.1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the password.
6420 CVE-2015-2137 Exec Code 2015-08-22 2017-09-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors.
6421 CVE-2015-2135 Exec Code 2015-08-31 2015-09-01
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors.
6422 CVE-2015-2123 +Priv 2015-05-25 2016-12-02
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access.
6423 CVE-2015-2120 +Priv 2015-05-25 2016-12-30
8.7
None Remote Low Single system Complete Partial Complete
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567.
6424 CVE-2015-2116 DoS Exec Code 2015-04-27 2016-12-02
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors.
6425 CVE-2015-2113 Exec Code 2015-04-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote attackers to execute arbitrary code via unknown vectors.
6426 CVE-2015-2112 Exec Code 2015-04-14 2019-10-09
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Easy Deploy, as distributed standalone and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540, t5740, and t5740e devices and HP Flexible Thin Client t510, t520, t610, t620, and t820 devices allows remote authenticated users to execute arbitrary code via unknown vectors.
6427 CVE-2015-2110 119 Exec Code Overflow 2015-05-25 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors.
6428 CVE-2015-2052 119 Exec Code Overflow 2015-02-23 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary code via a long string in a GetDeviceSettings action to the HNAP interface.
6429 CVE-2015-2051 77 Exec Code 2015-02-23 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 and earlier allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.
6430 CVE-2015-2050 Exec Code 2015-02-23 2017-03-23
10.0
None Remote Low Not required Complete Complete Complete
D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers to execute arbitrary commands via unspecified vectors.
6431 CVE-2015-2049 Exec Code 2015-02-23 2017-09-09
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in D-Link DCS-931L with firmware 1.04 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension.
6432 CVE-2015-2033 287 Exec Code 2015-02-20 2016-11-29
10.0
None Remote Low Not required Complete Complete Complete
Anyterm Daemon in Infoblox Network Automation NetMRI before NETMRI-23483 allows remote attackers to execute arbitrary commands with root privileges via a crafted terminal/anyterm-module request.
6433 CVE-2015-2016 Exec Code 2015-10-03 2015-10-05
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unknown vectors.
6434 CVE-2015-2011 77 Exec Code 2015-10-03 2015-10-05
9.0
None Remote Low Single system Complete Complete Complete
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors.
6435 CVE-2015-1986 77 Exec Code 2015-06-30 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1938.
6436 CVE-2015-1961 284 Exec Code Bypass 2015-07-13 2017-09-21
9.0
None Remote Low Single system Complete Complete Complete
The REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to bypass intended access restrictions and execute arbitrary JavaScript code on the server via an unspecified API call.
6437 CVE-2015-1949 77 Exec Code 2015-06-30 2016-12-27
10.0
None Remote Low Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands with SYSTEM privileges via unspecified vectors.
6438 CVE-2015-1942 20 2015-06-30 2016-12-27
9.3
None Remote Medium Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to write to arbitrary files, and subsequently execute these files, via a crafted TCP packet to an unspecified port.
6439 CVE-2015-1938 77 Exec Code 2015-06-30 2016-12-27
10.0
None Remote Low Not required Complete Complete Complete
The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2015-1986.
6440 CVE-2015-1935 17 DoS Exec Code 2015-07-19 2018-09-26
8.0
None Remote Low Single system Partial Partial Complete
The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
6441 CVE-2015-1920 284 Exec Code 2015-05-19 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session.
6442 CVE-2015-1903 119 Exec Code Overflow 2015-05-20 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y.
6443 CVE-2015-1902 119 Exec Code Overflow 2015-05-20 2017-01-03
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSMLA.
6444 CVE-2015-1896 119 Exec Code Overflow 2015-05-24 2016-12-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastBackMount process in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.11.1 allows remote attackers to execute arbitrary code via unspecified vectors.
6445 CVE-2015-1885 264 +Priv 2015-04-27 2016-12-21
9.3
None Remote Medium Not required Complete Complete Complete
WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, 8.5 Liberty Profile before 8.5.5.5, and 8.5 Full Profile before 8.5.5.6, when the OAuth grant type requires sending a password, allows remote attackers to gain privileges via unspecified vectors.
6446 CVE-2015-1882 362 Exec Code +Priv 2015-04-27 2016-08-03
8.5
None Remote Medium Single system Complete Complete Complete
Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 allow remote authenticated users to gain privileges by leveraging thread conflicts that result in Java code execution outside the context of the configured EJB Run-as user.
6447 CVE-2015-1845 119 Exec Code Overflow 2015-05-19 2016-08-02
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the EntrReadArch function in unzoo might allow remote attackers to execute arbitrary code via unspecified vectors.
6448 CVE-2015-1842 255 Exec Code 2015-04-10 2016-07-25
10.0
None Remote Low Not required Complete Complete Complete
The puppet manifests in the Red Hat openstack-puppet-modules package before 2014.2.13-2 use a default password of CHANGEME for the pcsd daemon, which allows remote attackers to execute arbitrary shell commands via unspecified vectors.
6449 CVE-2015-1815 77 Exec Code 2015-03-30 2016-12-30
10.0
None Remote Low Not required Complete Complete Complete
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
6450 CVE-2015-1804 189 DoS Exec Code 2015-03-20 2016-12-30
8.5
None Remote Medium Single system Complete Complete Complete
The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont before 1.4.9 and 1.5.x before 1.5.1 does not properly perform type conversion for metrics values, which allows remote authenticated users to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via a crafted BDF font file.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.