Latest CVE Feed
- 7.2 HIGH CVE-2015-1724
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-1723
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-1722
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-1721
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain p...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 7.2 HIGH CVE-2015-1720
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 2.1 LOW CVE-2015-1719
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 9.3 HIGH CVE-2015-1687
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
Affected Products: internet_explorer
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-4148
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4147
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized ...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4026
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with un...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unex...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data ...
Affected Products: enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris system_management_homepage +2 more products
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-4022
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 5.0 MEDIUM CVE-2015-4021
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial ...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 6.8 MEDIUM CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possib...
Affected Products: enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris enterprise_linux_hpc_node +1 more products
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-3329
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, o...
Affected Products: enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris enterprise_linux_hpc_node +1 more products
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 7.5 HIGH CVE-2015-3307
The phar_parse_metadata function in ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to cause a denial of service (heap metadata corruption) or possibly have unspecified other impact via a crafted t...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 5.8 MEDIUM CVE-2015-2783
ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (buffer over-read and application crash) via a crafted length value ...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 3.5 LOW CVE-2015-4427
Multiple cross-site scripting (XSS) vulnerabilities in Test/WorkArea/workarea.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.114) allow remote authenticated users to inject arbitrary web script or HTML via the (1) page, ...
Affected Products: ektron_content_management_system
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
- 10.0 HIGH CVE-2015-4335
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025