Skip to main content
CVE-2015-7645 HIGH POC KEV PATCH THREAT Act Now

Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows and OS X and 11.x through 11.2.202.535 on Linux allows remote attackers to execute arbitrary code via a crafted SWF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Adobe Microsoft RCE
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
85.3%
Threat
7.1
CVE-2015-7630 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.9%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
20.9%
CVE-2015-6763 HIGH POC This Week

Multiple unspecified vulnerabilities in Google Chrome before 46.0.2490.71 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Chrome
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
9.2%
CVE-2015-7838 CRITICAL Act Now

ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows remote attackers to upload and execute arbitrary files via unspecified vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.4% and no vendor patch available.

Information Disclosure Storage Manager
NVD
CVSS 2.0
10.0
EPSS
16.4%
CVE-2015-7629 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.9%.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
9.3
EPSS
19.9%
CVE-2015-7633 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 12.4%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
12.4%
CVE-2015-7634 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
11.2%
CVE-2015-7627 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.2%.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
11.2%
CVE-2015-7644 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Air Air Sdk +2
NVD
CVSS 2.0
10.0
EPSS
8.7%
CVE-2015-7840 HIGH Act Now

The command line management console (CMC) in SolarWinds Log and Event Manager (LEM) before 6.2.0 allows remote attackers to execute arbitrary code via unspecified vectors involving the ping feature. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 19.5% and no vendor patch available.

RCE Privilege Escalation Log And Event Manager
NVD
CVSS 2.0
7.5
EPSS
19.5%
CVE-2015-7632 CRITICAL PATCH Act Now

Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213,. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Adobe Buffer Overflow RCE Microsoft Flash Player +3
NVD
CVSS 2.0
9.3
EPSS
7.0%
CVE-2015-7643 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
9.3
EPSS
5.7%
CVE-2015-7631 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable.

Adobe RCE Microsoft Flash Player Air +2
NVD
CVSS 2.0
9.3
EPSS
5.7%
CVE-2015-7730 CRITICAL Act Now

SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and BusinessObjects XI (BOXI) 3.1 R3 allow remote attackers to cause a denial of service (out-of-bounds read and listener crash) via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service SAP Buffer Overflow Businessobjects Businessobjects Edge +1
NVD
CVSS 2.0
10.0
EPSS
1.9%
CVE-2015-7361 CRITICAL Act Now

FortiOS 5.2.3, when configured to use High Availability (HA) and the dedicated management interface is enabled, does not require authentication for access to the ZebOS shell on the HA dedicated. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. No vendor patch available.

Fortinet Authentication Bypass Fortios
NVD
CVSS 2.0
9.3
EPSS
0.7%
CVE-2015-7839 HIGH This Week

SolarWinds Log and Event Manager (LEM) allows remote attackers to execute arbitrary commands on managed computers via a request to services/messagebroker/nonsecurestreamingamf involving the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Log And Event Manager
NVD
CVSS 2.0
7.5
EPSS
8.6%
CVE-2015-6757 HIGH This Week

Use-after-free vulnerability in content/browser/service_worker/embedded_worker_instance.cc in the ServiceWorker implementation in Google Chrome before 46.0.2490.71 allows remote attackers to cause a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.6%
CVE-2015-6755 HIGH This Week

The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-6760 HIGH This Week

The Image11::map function in renderer/d3d/d3d11/Image11.cpp in libANGLE, as used in Google Chrome before 46.0.2490.71, mishandles mapping failures after device-lost events, which allows remote. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
7.5
EPSS
1.0%
CVE-2015-6762 HIGH This Week

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Authentication Bypass Chrome
NVD
CVSS 2.0
7.5
EPSS
0.7%
CVE-2015-7834 HIGH This Week

Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as used in Google Chrome before 46.0.2490.71, allow attackers to cause a denial of service or possibly have other impact via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Google V8 Chrome
NVD
CVSS 2.0
7.5
EPSS
0.2%
CVE-2015-6507 HIGH This Week

The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows local users to cause a denial of service (memory corruption) and possibly have unspecified other impact via unknown vectors, aka. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service SAP Buffer Overflow Hana
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2015-6761 MEDIUM This Month

The update_dimensions function in libavcodec/vp8.c in FFmpeg through 2.8.1, as used in Google Chrome before 46.0.2490.71 and other products, relies on a coefficient-partition count during. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Race Condition Google Buffer Overflow Ffmpeg +1
NVD
CVSS 2.0
6.8
EPSS
1.5%
CVE-2015-6758 MEDIUM This Month

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object,. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Chrome
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-6756 MEDIUM This Month

Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service Google Buffer Overflow Chrome
NVD
CVSS 2.0
6.8
EPSS
1.0%
CVE-2015-7725 MEDIUM This Month

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allow remote authenticated users to execute arbitrary SQL commands via the (1). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Hana
NVD
CVSS 2.0
6.5
EPSS
1.0%
CVE-2015-7727 MEDIUM This Month

Multiple SQL injection vulnerabilities in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allow remote authenticated users to execute arbitrary SQL commands via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi SAP Hana
NVD
CVSS 2.0
6.5
EPSS
0.6%
CVE-2015-7729 MEDIUM This Month

Eval injection in test-net.xsjs in the Web-based Development Workbench in SAP HANA Developer Edition DB 1.00.091.00.1418659308 allows remote authenticated users to execute arbitrary XSJS code via. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE SAP Code Injection Hana
NVD
CVSS 2.0
6.5
EPSS
0.5%
CVE-2015-7628 MEDIUM PATCH This Month

Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Flash Player Air +2
NVD
CVSS 2.0
5.0
EPSS
1.4%
CVE-2015-6759 MEDIUM This Month

The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Google Information Disclosure Chrome
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-7728 LOW Monitor

Cross-site scripting (XSS) vulnerability in user creation in the Web-based Development Workbench in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote authenticated users to inject arbitrary. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-7726 LOW Monitor

Cross-site scripting (XSS) vulnerability in role deletion in the Web-based Development Workbench in SAP HANA DB 1.00.091.00.1418659308 allows remote authenticated users to inject arbitrary web script. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

XSS SAP Hana
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2015-7829 LOW PATCH Monitor

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069. Rated low severity (CVSS 1.9). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Adobe Buffer Overflow Microsoft Acrobat Acrobat Dc +2
NVD
CVSS 2.0
1.9
EPSS
0.4%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy