# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2015-8327 |
|
|
Exec Code |
2015-12-17 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.2.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via ` (backtick) characters in a print job. |
2 |
CVE-2015-5123 |
416 |
|
DoS Exec Code Mem. Corr. |
2015-07-14 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015. |
3 |
CVE-2015-5122 |
|
|
DoS Exec Code Mem. Corr. |
2015-07-14 |
2021-09-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. |
4 |
CVE-2015-4147 |
19 |
|
Exec Code |
2015-06-09 |
2018-01-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. |
5 |
CVE-2015-4022 |
189 |
|
Exec Code Overflow |
2015-06-09 |
2019-04-22 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. |
6 |
CVE-2015-3330 |
20 |
|
DoS Exec Code |
2015-06-09 |
2019-12-27 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." |
7 |
CVE-2015-3329 |
119 |
|
Exec Code Overflow |
2015-06-09 |
2019-12-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. |
8 |
CVE-2015-3247 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-09-08 |
2019-04-22 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors. |
9 |
CVE-2015-3214 |
119 |
|
Exec Code Overflow |
2015-08-31 |
2022-02-20 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. |
10 |
CVE-2015-3209 |
787 |
|
Exec Code Overflow |
2015-06-15 |
2022-02-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in the PCNET controller in QEMU allows remote attackers to execute arbitrary code by sending a packet with TXSTATUS_STARTPACKET set and then a crafted packet with TXSTATUS_DEVICEOWNS set. |
11 |
CVE-2015-2787 |
|
|
Exec Code |
2015-03-30 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. |
12 |
CVE-2015-1863 |
119 |
|
DoS Exec Code Overflow |
2015-04-28 |
2018-10-30 |
5.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
Partial |
Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (crash), read memory, or possibly execute arbitrary code via crafted SSID information in a management frame when creating or updating P2P entries. |
13 |
CVE-2015-1774 |
787 |
|
DoS Exec Code |
2015-04-28 |
2022-02-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write. |
14 |
CVE-2015-0797 |
|
|
DoS Exec Code |
2015-05-14 |
2020-09-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. |