Latest CVE Feed
- 7.2 HIGH CVE-2015-1722
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- EPSS Score: %3.96
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-1721
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain p...
- EPSS Score: %8.14
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-1720
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- EPSS Score: %1.12
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 2.1 LOW CVE-2015-1719
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain...
- EPSS Score: %2.36
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2015-1687
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
- Affected Products: internet_explorer
- EPSS Score: %29.54
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-4148
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized...
- EPSS Score: %9.54
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4147
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized ...
- EPSS Score: %38.06
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4026
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with un...
- EPSS Score: %4.92
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unex...
- EPSS Score: %2.81
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data ...
- Affected Products: enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris system_management_homepage +2 more products
- EPSS Score: %66.29
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4022
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...
- EPSS Score: %7.87
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-4021
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial ...
- EPSS Score: %25.30
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possib...
- Affected Products: enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris enterprise_linux_hpc_node +1 more products
- EPSS Score: %24.17
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-3329
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, o...
- Affected Products: enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris enterprise_linux_hpc_node +1 more products
- EPSS Score: %26.34
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-3307
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted t...
- EPSS Score: %9.63
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 5.8 MEDIUM CVE-2015-2783
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value ...
- EPSS Score: %6.76
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 3.5 LOW CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, ...
- Affected Products: ektron_content_management_system
- EPSS Score: %0.18
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
- EPSS Score: %6.77
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4109
Multiple SQL injection vulnerabilities in the ratings module in the Users Ultra plugin before 1.5.16 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) data_target or (2) data_vote parameter in a rating_vote (wp_ajax_nopriv...
- Affected Products: usersultra
- EPSS Score: %0.88
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-4080
The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages.
- Affected Products: smartsocket
- EPSS Score: %0.67
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025