CVEs from 2015
Total
7,323
critical
critical 1,307
high
high 1,666
medium
medium 3,617
low
low 553
% Critical
17.8%
% with KEV
0.6%
% with exploit
0.6%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-1830 | medium | — | 6.0 | 11y ago | Improper Limitation of a Pathname to a Restricted Directory in Apache ActiveMQ | |
| CVE-2015-4000 | low | 3.7 | 4.7 | 11y ago | The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to c… | |
| CVE-2015-7755 | unknown | — | 1.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |
| CVE-2015-2291 | unknown | — | 1.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |
| CVE-2015-6175 | unknown | — | 1.5 | 4y ago | The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. | |
| CVE-2015-2360 | unknown | — | 1.5 | 4y ago | Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS). | |
| CVE-2015-8651 | unknown | — | 1.5 | 4y ago | Integer overflow in Adobe Flash Player allows attackers to execute code. | |
| CVE-2015-4495 | unknown | — | 1.5 | 4y ago | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |
| CVE-2015-2425 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |
| CVE-2015-0071 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. | |
| CVE-2015-0016 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |
| CVE-2015-1671 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. | |
| CVE-2015-1769 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | |
| CVE-2015-0310 | unknown | — | 1.5 | 4y ago | Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. | |
| CVE-2015-1427 | unknown | — | 1.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |
| CVE-2015-5317 | unknown | — | 1.5 | 4y ago | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. | |
| CVE-2015-2502 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | |
| CVE-2015-3113 | unknown | — | 1.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |
| CVE-2015-0313 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |
| CVE-2015-0311 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |
| CVE-2015-5122 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |
| CVE-2015-5123 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |
| CVE-2015-1770 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | |
| CVE-2015-2426 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |
| CVE-2015-2419 | unknown | — | 1.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2015-4068 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. | |
| CVE-2015-0666 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. | |
| CVE-2015-1187 | unknown | — | 1.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. | |
| CVE-2015-3035 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |
| CVE-2015-2546 | unknown | — | 1.5 | 4y ago | The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application. | |
| CVE-2015-2424 | unknown | — | 1.5 | 4y ago | Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document. | |
| CVE-2015-3043 | unknown | — | 1.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | |
| CVE-2015-7645 | unknown | — | 1.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |
| CVE-2015-1642 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document. | |
| CVE-2015-2590 | unknown | — | 1.5 | 4y ago | An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | |
| CVE-2015-2545 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. | |
| CVE-2015-1701 | unknown | — | 1.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |
| CVE-2015-4902 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment. | |
| CVE-2015-2387 | unknown | — | 1.5 | 4y ago | ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application. | |
| CVE-2015-5119 | unknown | — | 1.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |
| CVE-2015-1130 | unknown | — | 1.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |
| CVE-2015-2051 | unknown | — | 1.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |
| CVE-2015-1635 | unknown | — | 1.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |
| CVE-2015-7450 | unknown | — | 1.5 | 4y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | |
| CVE-2015-4852 | unknown | — | 1.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution. | |
| CVE-2015-1641 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context… |