Latest CVE Feed
-
9.3
HIGH
CVE-2015-1728
Microsoft Windows Media Player 10 through 12 allows remote attackers to execute arbitrary code via a crafted DataObject on a web site, aka "Windows Media Player RCE via DataObject Vulnerability."...
Affected Products : windows_media_player
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1727
Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows l...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1726
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1725
Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows l...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1724
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1723
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1722
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1721
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain p...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
7.2
HIGH
CVE-2015-1720
Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
2.1
LOW
CVE-2015-1719
The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to obtain...
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
9.3
HIGH
CVE-2015-1687
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."...
Affected Products : internet_explorer
- Published: Jun. 10, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUM
CVE-2015-4148
The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2015-4147
The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized ...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2015-4026
The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character, which might allow remote attackers to bypass intended extension restrictions and execute files with un...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2015-4025
PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon encountering a \x00 character in certain situations, which allows remote attackers to bypass intended extension restrictions and access files or directories with unex...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUM
CVE-2015-4024
Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data ...
Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris system_management_homepage +2 more products
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2015-4022
Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
5.0
MEDIUM
CVE-2015-4021
The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 does not verify that the first character of a filename is different from the \0 character, which allows remote attackers to cause a denial ...
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
6.8
MEDIUM
CVE-2015-3330
The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possib...
Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris enterprise_linux_hpc_node +1 more products
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025
-
7.5
HIGH
CVE-2015-3329
Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, o...
Affected Products : enterprise_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_server_eus mac_os_x linux php solaris enterprise_linux_hpc_node +1 more products
- Published: Jun. 09, 2015
- Modified: Apr. 12, 2025