| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
101 |
CVE-2015-3053 |
416 |
|
Exec Code |
2015-05-13 |
2017-01-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3054, CVE-2015-3055, CVE-2015-3059, and CVE-2015-3075. |
|
102 |
CVE-2015-3052 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-05-13 |
2017-01-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. |
|
103 |
CVE-2015-3051 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-05-13 |
2017-01-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3050, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. |
|
104 |
CVE-2015-3050 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-05-13 |
2017-01-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3049, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. |
|
105 |
CVE-2015-3049 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-05-13 |
2017-01-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3046, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. |
|
106 |
CVE-2015-3048 |
119 |
|
Exec Code Overflow |
2015-05-13 |
2017-01-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unknown vectors. |
|
107 |
CVE-2015-3047 |
|
|
DoS |
2015-05-13 |
2017-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. |
|
108 |
CVE-2015-3046 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-05-13 |
2017-01-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-9161, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3056, CVE-2015-3057, CVE-2015-3070, and CVE-2015-3076. |
|
109 |
CVE-2015-3036 |
119 |
|
Exec Code Overflow |
2015-05-21 |
2016-12-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005. |
|
110 |
CVE-2015-3013 |
74 |
|
Bypass |
2015-05-08 |
2019-02-07 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 allows remote authenticated users to bypass the file blacklist and upload arbitrary files via a file path with UTF-8 encoding, as demonstrated by uploading a .htaccess file. |
|
111 |
CVE-2015-2946 |
119 |
|
Exec Code Overflow |
2015-05-25 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the Open CAD Format Council SXF common library before 3.30 allows remote attackers to execute arbitrary code via a crafted CAD file. |
|
112 |
CVE-2015-2945 |
94 |
|
Exec Code |
2015-05-25 |
2015-05-27 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does not properly restrict URLs, which allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted request, as exploited in the wild in May 2015. |
|
113 |
CVE-2015-2853 |
|
|
|
2015-05-30 |
2016-12-03 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in the WebUI component in Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800, and SV3800 3.6.x through 3.8.x before 3.8.4 allows remote attackers to hijack web sessions by providing a session ID. |
|
114 |
CVE-2015-2851 |
264 |
|
|
2015-05-30 |
2016-12-03 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename. |
|
115 |
CVE-2015-2845 |
78 |
|
Exec Code |
2015-05-12 |
2018-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO. |
|
116 |
CVE-2015-2844 |
78 |
|
Exec Code |
2015-05-12 |
2018-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO. |
|
117 |
CVE-2015-2843 |
89 |
|
Exec Code Sql |
2015-05-12 |
2018-10-09 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/. |
|
118 |
CVE-2015-2842 |
|
|
Exec Code |
2015-05-12 |
2018-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/. |
|
119 |
CVE-2015-2829 |
|
|
DoS |
2015-05-12 |
2017-01-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.5 Build 53.9 through 55.8 and 10.5.e Build 53-9010.e allow remote attackers to cause a denial of service (reboot) via unspecified vectors. |
|
120 |
CVE-2015-2810 |
189 |
|
DoS Overflow |
2015-05-15 |
2016-12-03 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom Office HanWord processor, as used in Hwp 2014 VP before 9.1.0.2342, HanWord Viewer 2007 and Viewer 2010 8.5.6.1158, and HwpViewer 2014 VP 9.1.0.2186, allows remote attackers to cause a denial of service (crash) and possibly "influence the program's execution flow" via a document with a large paragraph size, which triggers heap corruption. |
|
121 |
CVE-2015-2717 |
189 |
|
DoS Exec Code Overflow |
2015-05-14 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in libstagefright in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and out-of-bounds read) via an MP4 video file containing invalid metadata. |
|
122 |
CVE-2015-2716 |
119 |
|
Exec Code Overflow |
2015-05-14 |
2021-07-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283. |
|
123 |
CVE-2015-2715 |
362 |
|
DoS Exec Code Mem. Corr. |
2015-05-14 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Race condition in the nsThreadManager::RegisterCurrentThread function in Mozilla Firefox before 38.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and heap memory corruption) by leveraging improper Media Decoder Thread creation at the time of a shutdown. |
|
124 |
CVE-2015-2713 |
|
|
DoS Exec Code Mem. Corr. |
2015-05-14 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in the SetBreaks function in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a document containing crafted text in conjunction with a Cascading Style Sheets (CSS) token sequence containing properties related to vertical text. |
|
125 |
CVE-2015-2712 |
119 |
|
Exec Code Overflow +Info |
2015-05-14 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The asm.js implementation in Mozilla Firefox before 38.0 does not properly determine heap lengths during identification of cases in which bounds checking may be safely skipped, which allows remote attackers to trigger out-of-bounds write operations and possibly execute arbitrary code, or trigger out-of-bounds read operations and possibly obtain sensitive information from process memory, via crafted JavaScript. |
|
126 |
CVE-2015-2710 |
119 |
|
Exec Code Overflow |
2015-05-14 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in the SVGTextFrame class in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code via crafted SVG graphics data in conjunction with a crafted Cascading Style Sheets (CSS) token sequence. |
|
127 |
CVE-2015-2709 |
|
|
DoS Exec Code Mem. Corr. |
2015-05-14 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
128 |
CVE-2015-2708 |
|
|
DoS Exec Code Mem. Corr. |
2015-05-14 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. |
|
129 |
CVE-2015-2704 |
74 |
|
|
2015-05-18 |
2016-12-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
realmd allows remote attackers to inject arbitrary configurations in to sssd.conf and smb.conf via a newline character in an LDAP response. |
|
130 |
CVE-2015-2694 |
264 |
|
Bypass |
2015-05-25 |
2020-01-21 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.2 do not properly track whether a client's request has been validated, which allows remote attackers to bypass an intended preauthentication requirement by providing (1) zero bytes of data or (2) an arbitrary realm name, related to plugins/preauth/otp/main.c and plugins/preauth/pkinit/pkinit_srv.c. |
|
131 |
CVE-2015-2668 |
399 |
|
DoS |
2015-05-12 |
2017-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. |
|
132 |
CVE-2015-2667 |
|
|
+Priv |
2015-05-18 |
2016-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory. |
|
133 |
CVE-2015-2666 |
119 |
|
Overflow +Priv |
2015-05-27 |
2016-12-31 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd. |
|
134 |
CVE-2015-2248 |
352 |
|
CSRF |
2015-05-01 |
2018-03-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark. |
|
135 |
CVE-2015-2234 |
362 |
|
+Priv |
2015-05-12 |
2017-01-03 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses world-writable permissions for the update files directory, which allows local users to gain privileges by writing to an update file after the signature is validated. |
|
136 |
CVE-2015-2233 |
310 |
|
|
2015-05-12 |
2016-12-03 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and execute arbitrary files via a crafted certificate. |
|
137 |
CVE-2015-2222 |
399 |
|
DoS |
2015-05-12 |
2017-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. |
|
138 |
CVE-2015-2221 |
399 |
|
DoS |
2015-05-12 |
2017-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. |
|
139 |
CVE-2015-2219 |
264 |
|
+Priv |
2015-05-12 |
2016-12-03 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to the System Update service (SUService.exe) through an unspecified named pipe. |
|
140 |
CVE-2015-2170 |
399 |
|
DoS |
2015-05-12 |
2017-01-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
|
141 |
CVE-2015-2123 |
|
|
+Priv |
2015-05-25 |
2016-12-03 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in HP NonStop Safeguard Security Software H06.x, L15.02, and J06.x before J06.19 allows remote authenticated users to gain privileges by leveraging Expand access. |
|
142 |
CVE-2015-2122 |
399 |
|
DoS |
2015-05-25 |
2016-12-03 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port. |
|
143 |
CVE-2015-2121 |
200 |
|
+Info |
2015-05-25 |
2016-12-03 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
HP Network Virtualization for LoadRunner and Performance Center 8.61 and 11.52 allows remote attackers to read arbitrary files via a crafted filename in a URL to the (1) HttpServlet or (2) NetworkEditorController component, aka ZDI-CAN-2569. |
|
144 |
CVE-2015-2120 |
|
|
+Priv |
2015-05-25 |
2016-12-31 |
8.7 |
None |
Remote |
Low |
??? |
Complete |
Partial |
Complete |
|
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x before 11.24.391, and 11.3x before 11.30.521 allows remote authenticated users to gain privileges via unknown vectors, aka ZDI-CAN-2567. |
|
145 |
CVE-2015-2110 |
119 |
|
Exec Code Overflow |
2015-05-25 |
2019-10-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in HP LoadRunner 11.52 allows remote attackers to execute arbitrary code via unspecified vectors. |
|
146 |
CVE-2015-1937 |
284 |
|
|
2015-05-30 |
2016-11-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and 1.2.2.x through 1.2.2.2 does not require authentication for the ceilometer NoSQL database, which allows remote attackers to read or write to arbitrary database records, and consequently obtain administrator privileges, via a session on port 27017. |
|
147 |
CVE-2015-1921 |
|
|
|
2015-05-25 |
2016-08-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. |
|
148 |
CVE-2015-1920 |
284 |
|
Exec Code |
2015-05-20 |
2017-01-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 before 7.0.0.39, 8.0 before 8.0.0.11, and 8.5 before 8.5.5.6 allows remote attackers to execute arbitrary code by sending crafted instructions in a management-port session. |
|
149 |
CVE-2015-1909 |
200 |
|
+Info |
2015-05-25 |
2015-05-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The XML parser in the Reference Data Management component in the server in IBM InfoSphere Master Data Management (MDM) 10.1 before IF1, 11.0 before FP3, 11.3, and 11.4 before FP2 allows remote attackers to read arbitrary files, and consequently obtain administrative access, via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. |
|
150 |
CVE-2015-1903 |
119 |
|
Exec Code Overflow |
2015-05-20 |
2019-10-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and 9.0 before 9.0.1 FP3 IF3 allows remote attackers to execute arbitrary code via a crafted BMP image, aka SPR KLYH9TSN3Y. |
