CVEs from 2015
- Total: 7,267
- critical: 1,306
- high: 1,666
- medium: 3,617
- low: 554
- % Critical: 18.0%
- % with KEV: 0.6%
- % with exploit: 2.2%
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0411 | high | — | 7.5 | 12y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related… | |||
| CVE-2015-0396 | high | — | 7.5 | 12y ago | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unkno… | |||
| CVE-2015-1055 | high | — | 7.5 | 12y ago | SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/adm… | |||
| CVE-2015-0919 | high | — | 7.5 | 12y ago | Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter… | |||
| CVE-2015-5639 | high | 7.4 | 7.4 | 9y ago | niconico App for iOS before 6.38 does not verify SSL certificates which could allow remote attackers to execute man-in-the-middle attacks. | |||
| CVE-2015-2988 | high | 7.4 | 7.4 | 9y ago | Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL certificates which might allow remote attackers to execute man-in-the-middle attacks. | |||
| CVE-2015-8870 | high | 7.4 | 7.4 | 10y ago | Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows remote attackers to cause a denial of service (heap-based buffer over-read), or possibly obtain sensitive information from process … | |||
| CVE-2015-8843 | high | 7.4 | 7.4 | 10y ago | The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges… | |||
| CVE-2015-8474 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in the valid_back_url function in app/controllers/application_controller.rb in Redmine before 2.6.7, 3.0.x before 3.0.5, and 3.1.x before 3.1.1 allows remote attackers to … | |||
| CVE-2015-7428 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attac… | |||
| CVE-2015-3272 | high | 7.4 | 7.4 | 10y ago | Moodle open redirect vulnerability | |||
| CVE-2015-8483 | high | 7.4 | 7.4 | 10y ago | Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. | |||
| CVE-2015-4956 | high | 7.4 | 7.4 | 10y ago | The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 allows remote authenticated users to execute unspecified OS commands via unknown vectors. | |||
| CVE-2015-8466 | high | 7.4 | 7.4 | 11y ago | Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. | |||
| CVE-2015-7393 | high | 7.4 | 7.4 | 11y ago | dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AAM 11.4.0 through 11.6.0 and 12.0.0 before 12.0.0 HF1, BIG-IP AFM and PEM 11.… | |||
| CVE-2015-8400 | high | 7.4 | 7.4 | 11y ago | The HTTPS fallback implementation in Shell In A Box (aka shellinabox) before 2.19 makes it easier for remote attackers to conduct DNS rebinding attacks via the "/plain" URL. | |||
| CVE-2015-8331 | high | 7.4 | 7.4 | 11y ago | The Operation and Maintenance Unit (OMU) in Huawei VCN500 with software before V100R002C00SPC200 does not properly invalidate the session ID when an "abnormal exit" occurs, which allows remote attack… | |||
| CVE-2015-7397 | high | 7.4 | 7.4 | 11y ago | Multiple open redirect vulnerabilities in the Aurora starter store in IBM WebSphere Commerce 7.0 through Feature Pack 8 allow remote attackers to redirect users to arbitrary web sites and conduct phi… | |||
| CVE-2015-8597 | high | 7.4 | 7.4 | 11y ago | Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 and 6.6 and Advanced Secure Gateway (ASG) 6.6 might allow remote attackers to redirect users to arbitrary web sites and conduct phi… | |||
| CVE-2015-7410 | high | 7.4 | 7.4 | 11y ago | The Health Check tool in IBM Sterling B2B Integrator 5.2 does not properly use cookies in conjunction with HTTPS sessions, which allows man-in-the-middle attackers to obtain sensitive information or … | |||
| CVE-2015-1947 | high | 7.4 | 7.4 | 11y ago | Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0, when a DB2 database is used, allows local users to gain privileges via a Trojan horse library that is… | |||
| CVE-2015-5663 | high | 7.4 | 7.4 | 11y ago | The file-execution functionality in WinRAR before 5.30 beta 5 allows local users to gain privileges via a Trojan horse file with a name similar to an extensionless filename that was selected by the u… | |||
| CVE-2015-8370 | high | 7.4 | 7.4 | 11y ago | Multiple integer underflows in Grub2 1.98 through 2.02 allow physically proximate attackers to bypass authentication, obtain sensitive information, or cause a denial of service (disk corruption) via … | |||
| CVE-2015-8570 | high | — | 7.4 | 11y ago | The password reset functionality in Lepide Active Directory Self Service allows remote authenticated users to change arbitrary domain user passwords via a crafted request. | |||
| CVE-2015-6023 | high | 7.3 | 7.3 | 9y ago | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE:… | |||
| CVE-2015-8962 | high | 7.3 | 7.3 | 10y ago | Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and… | |||
| CVE-2015-8955 | high | 7.3 | 7.3 | 10y ago | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving… | |||
| CVE-2015-8800 | high | 7.3 | 7.3 | 10y ago | Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x before 1.0 MP5, Embedded Security: Critical System Protection for Controllers and Devices (SES:CSP) 6.5.0 before MP1, Critical S… | |||
| CVE-2015-8865 | high | 7.3 | 7.3 | 10y ago | The file_check_mem function in funcs.c in file before 5.23, as used in the Fileinfo component in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x before 7.0.5, mishandles continuation-level jumps, whi… | |||
| CVE-2015-8560 | high | 7.3 | 7.3 | 10y ago | Incomplete blacklist vulnerability in util.c in foomatic-rip in cups-filters 1.0.42 before 1.4.0 and in foomatic-filters in Foomatic 4.0.x allows remote attackers to execute arbitrary commands via a … | |||
| CVE-2015-8708 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in the conv_euctojis function in codeconv.c in Claws Mail 3.13.1 allows remote attackers to have unspecified impact via a crafted email, involving Japanese character set c… | |||
| CVE-2015-8614 | high | 7.3 | 7.3 | 10y ago | Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) conv_euctojis, and (3) conv_sjistoeuc functions in codeconv.c in Claws Mail before 3.13.1 allow remote attackers to have unspecifie… | |||
| CVE-2015-5329 | high | 7.3 | 7.3 | 10y ago | The TripleO Heat templates (tripleo-heat-templates), as used in Red Hat Enterprise Linux OpenStack Platform 7.0, do not properly use the configured RabbitMQ credentials, which makes it easier for rem… | |||
| CVE-2015-8837 | high | 7.3 | 7.3 | 10y ago | Stack-based buffer overflow in the isofs_real_readdir function in isofs.c in FuseISO 20070708 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary co… | |||
| CVE-2015-8836 | high | 7.3 | 7.3 | 10y ago | Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other imp… | |||
| CVE-2015-7909 | high | 7.3 | 7.3 | 11y ago | Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attac… | |||
| CVE-2015-8472 | high | 7.3 | 7.3 | 11y ago | Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers t… | |||
| CVE-2015-6836 | high | 7.3 | 7.3 | 11y ago | The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary… | |||
| CVE-2015-6832 | high | 7.3 | 7.3 | 11y ago | Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitra… | |||
| CVE-2015-6831 | high | 7.3 | 7.3 | 11y ago | Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObjec… | |||
| CVE-2015-6527 | high | 7.3 | 7.3 | 11y ago | The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplac… | |||
| CVE-2015-5590 | high | 7.3 | 7.3 | 11y ago | Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of servic… | |||
| CVE-2015-6863 | high | 7.3 | 7.3 | 11y ago | HPE ArcSight Logger before 6.1P1 allows remote attackers to execute arbitrary code via unspecified input to the (1) Intellicus or (2) client-certificate upload component. | |||
| CVE-2015-6336 | high | 7.3 | 7.3 | 11y ago | Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), 8.1(112.4), and 8.1(15.14) have a default account, which makes it easier for remote attackers to obtain access via unspecified vect… | |||
| CVE-2015-8607 | high | 7.3 | 7.3 | 11y ago | The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to byp… | |||
| CVE-2015-8769 | high | 7.3 | 7.3 | 11y ago | SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-2895 | high | 7.3 | 7.3 | 11y ago | Buffer overflow in the up.time client in Idera Uptime Infrastructure Monitor 7.4 might allow remote attackers to execute arbitrary code via long command input. | |||
| CVE-2015-7788 | high | 7.3 | 7.3 | 11y ago | ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. | |||
| CVE-2015-8662 | high | 7.3 | 7.3 | 11y ago | The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg before 2.8.4 does not validate the number of decomposition levels before proceeding with Discrete Wavelet Transform decoding, which al… | |||
| CVE-2015-1836 | high | 7.3 | 7.3 | 11y ago | High severity vulnerability that affects org.apache.hbase:hbase | |||
| CVE-2015-1772 | high | 7.3 | 7.3 | 11y ago | Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |||
| CVE-2015-6934 | high | 7.3 | 7.3 | 11y ago | Serialized-object interfaces in VMware vRealize Orchestrator 6.x, vCenter Orchestrator 5.x, vRealize Operations 6.x, vCenter Operations 5.x, and vCenter Application Discovery Manager (vADM) 7.x allow… | |||
| CVE-2015-8387 | high | 7.3 | 7.3 | 11y ago | PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impa… | |||
| CVE-2015-2915 | high | — | 7.3 | 11y ago | Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M have a default password of admin for the admin account, which allows remote … | |||
| CVE-2015-1098 | high | 7.3 | 7.3 | 11y ago | iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |||
| CVE-2015-5533 | high | 7.2 | 7.2 | 9y ago | SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep… | |||
| CVE-2015-7714 | high | 7.2 | 7.2 | 9y ago | Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in… | |||
| CVE-2015-5164 | high | 7.2 | 7.2 | 9y ago | The Qpid server on Red Hat Satellite 6 does not properly restrict message types, which allows remote authenticated users with administrative access on a managed content host to execute arbitrary code… | |||
| CVE-2015-9234 | high | 7.2 | 7.2 | 9y ago | The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) plugin before 1.1.6 for WordPress has SQL injection via the cp_contactformpp_id parameter to cp_contactformpp.php. | |||
| CVE-2015-9227 | high | 7.2 | 7.2 | 9y ago | PHP remote file inclusion vulnerability in the get_file function in upload/admin2/controller/report_logs.php in AlegroCart 1.2.8 allows remote administrators to execute arbitrary PHP code via a URL i… | |||
| CVE-2015-9226 | high | 7.2 | 7.2 | 9y ago | Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow remote administrators to execute arbitrary SQL commands via the download parameter in the (1) check_download and possibly (2) check_fi… | |||
| CVE-2015-4649 | high | 7.2 | 7.2 | 9y ago | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than … | |||
| CVE-2015-3657 | high | 7.2 | 7.2 | 9y ago | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain "Super Admin" privileges via unspecified vectors. | |||
| CVE-2015-3656 | high | 7.2 | 7.2 | 9y ago | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated lower-level administrators to gain privileges by leveraging failure to properly enforce authori… | |||
| CVE-2015-3654 | high | 7.2 | 7.2 | 9y ago | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to gain root privileges via unspecified vectors, a different vulnerability than … | |||
| CVE-2015-3653 | high | 7.2 | 7.2 | 9y ago | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote authenticated administrators to write to arbitrary files within the underlying operating system and consequen… | |||
| CVE-2015-1445 | high | 7.2 | 7.2 | 9y ago | HTTP header injection in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30. | |||
| CVE-2015-0249 | high | 7.2 | 7.2 | 9y ago | The weblog page template in Apache Roller 5.1 through 5.1.1 allows remote authenticated users with admin privileges for a weblog to execute arbitrary Java code via crafted Velocity Text Language (aka… | |||
| CVE-2015-4046 | high | 7.2 | 7.2 | 9y ago | The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows remote authenticated users to execute arbitrary commands via the assets array parameter to netscan/do_scan.php. | |||
| CVE-2015-7570 | high | 7.2 | 7.2 | 9y ago | Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb… | |||
| CVE-2015-7472 | high | 7.2 | 7.2 | 10y ago | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF20, and 8.5.0 before CF10 allows remote attackers to conduct LDAP injec… | |||
| CVE-2015-5252 | high | 7.2 | 7.2 | 11y ago | vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended f… | |||
| CVE-2015-7917 | high | 7.2 | 7.2 | 11y ago | Untrusted search path vulnerability in Open Automation OPC Systems.NET 8.00.0023 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2015-6426 | high | — | 7.2 | 11y ago | Cisco Prime Network Services Controller 3.0 allows local users to bypass intended access restrictions and execute arbitrary commands via additional parameters to an unspecified command, aka Bug ID CS… | |||
| CVE-2015-6424 | high | — | 7.2 | 11y ago | The boot manager in Cisco Application Policy Infrastructure Controller (APIC) 1.1(0.920a) allows local users to bypass intended access restrictions and obtain single-user-mode root access via unspeci… | |||
| CVE-2015-8338 | high | — | 7.2 | 11y ago | Xen 4.6.x and earlier does not properly enforce limits on page order inputs for the (1) XENMEM_increase_reservation, (2) XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other HYPERVISOR_me… | |||
| CVE-2015-5277 | high | — | 7.2 | 11y ago | The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corrup… | |||
| CVE-2015-4027 | high | — | 7.2 | 11y ago | The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a p… | |||
| CVE-2015-6403 | high | — | 7.2 | 11y ago | The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x phones 7.5.7 improperly validates firmware-image file integrity, which allows local users to load a Trojan horse image by levera… | |||
| CVE-2015-7108 | high | — | 7.2 | 11y ago | The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-7106 | high | — | 7.2 | 11y ago | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-7084 | high | — | 7.2 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified… | |||
| CVE-2015-7083 | high | — | 7.2 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified… | |||
| CVE-2015-7078 | high | — | 7.2 | 11y ago | Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. | |||
| CVE-2015-7077 | high | — | 7.2 | 11y ago | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors. | |||
| CVE-2015-7076 | high | — | 7.2 | 11y ago | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | |||
| CVE-2015-7063 | high | — | 7.2 | 11y ago | The kernel loader in EFI in Apple OS X before 10.11.2 allows local users to gain privileges via a crafted pathname. | |||
| CVE-2015-7052 | high | — | 7.2 | 11y ago | kext tools in Apple OS X before 10.11.2 mishandles kernel-extension loading, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-7047 | high | — | 7.2 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. | |||
| CVE-2015-6174 | high | — | 7.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6173 | high | — | 7.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6171 | high | — | 7.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6126 | high | — | 7.2 | 11y ago | Race condition in the Pragmatic General Multicast (PGM) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Serv… | |||
| CVE-2015-1344 | high | — | 7.2 | 11y ago | The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not properly check permissions, which allows local users to gain privileges by writing a pid to the tasks file. | |||
| CVE-2015-6383 | high | — | 7.2 | 11y ago | Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software packages, which allows local users to bypass license restrictions and obtain certain root privileges by using the CLI to enter craf… | |||
| CVE-2015-6385 | high | — | 7.2 | 11y ago | The publish-event event-manager feature in Cisco IOS 15.5(2)S and 15.5(3)S on Cloud Services Router 1000V devices allows local users to execute arbitrary commands with root privileges by leveraging a… | |||
| CVE-2015-6857 | high | — | 7.2 | 11y ago | Unspecified vulnerability in Virtual Table Server (VTS) in HP LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-3138. | |||
| CVE-2015-7985 | high | — | 7.2 | 11y ago | Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | |||
| CVE-2015-7866 | high | — | 7.2 | 11y ago | Unquoted Windows search path vulnerability in the Smart Maximize Helper (nvSmartMaxApp.exe) in the Control Panel in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 bef… | |||
| CVE-2015-7496 | high | — | 7.2 | 11y ago | GNOME Display Manager (gdm) before 3.18.2 allows physically proximate attackers to bypass the lock screen by holding the Escape key. |