CVEs from 2015
Total
7,267
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0777 | low | — | 2.1 | 11y ago | drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows … | |||
| CVE-2015-2111 | low | — | 2.1 | 11y ago | Unspecified vulnerability in HP Intelligent Provisioning 1.40 through 1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain sensitive information via unknown vectors. | |||
| CVE-2015-0992 | low | — | 2.1 | 11y ago | Inductive Automation Ignition 7.7.2 stores cleartext OPC Server credentials, which allows local users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-0999 | low | — | 2.1 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 store cleartext OPC User credentials in a configuration file, which allow… | |||
| CVE-2015-0996 | low | — | 2.1 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and InTouch Machine Edition 2014 before 7.1.3.4 SP3 Patch 4 rely on a hardcoded cleartext password to control read access to Project … | |||
| CVE-2015-2157 | low | — | 2.1 | 11y ago | The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY 0.51 through 0.63 do not properly wipe SSH-2 private keys from memory, which allows local users to obtain sensitive information … | |||
| CVE-2015-0527 | low | — | 2.1 | 11y ago | EMC Documentum xCelerated Management System (xMS) 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform (xCP) prov… | |||
| CVE-2015-0136 | low | — | 2.1 | 11y ago | powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 places an access token on the command line during IVM and PowerKVM management, which allows local users to obtain sen… | |||
| CVE-2015-0146 | low | — | 2.1 | 11y ago | IBM Content Collector for Email 3.0 before 3.0.0.6-IBM-ICC-Server-IF001 and 4.0 before 4.0.0.3-IBM-ICC-Server-IF001 does not properly handle an unspecified query operator during searches of IBM FileN… | |||
| CVE-2015-2045 | low | — | 2.1 | 11y ago | The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does not properly initialize data structures, which allows local guest users to obtain sensitive information via unspecified vectors. | |||
| CVE-2015-2044 | low | — | 2.1 | 11y ago | The emulation routines for unspecified X86 devices in Xen 3.2.x through 4.5.x does not properly initialize data, which allow local HVM guest users to obtain sensitive information via vectors involvin… | |||
| CVE-2015-0094 | low | — | 2.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-0084 | low | — | 2.1 | 11y ago | The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly constrain impersonati… | |||
| CVE-2015-0077 | low | — | 2.1 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Window… | |||
| CVE-2015-1599 | low | — | 2.1 | 11y ago | The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error. | |||
| CVE-2015-1598 | low | — | 2.1 | 11y ago | The Siemens SPCanywhere application for Android does not properly store application passwords, which allows physically proximate attackers to obtain sensitive information by examining the device file… | |||
| CVE-2015-1355 | low | — | 2.1 | 11y ago | Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak password-hash algorithm, which makes it easier for local users to determine cleartext passwords by reading a project file and conducting … | |||
| CVE-2015-0519 | low | — | 2.1 | 11y ago | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows … | |||
| CVE-2015-1345 | low | — | 2.1 | 11y ago | The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the -F option. | |||
| CVE-2015-1426 | low | — | 2.1 | 12y ago | Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata | |||
| CVE-2015-1563 | low | — | 2.1 | 12y ago | The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. | |||
| CVE-2015-1200 | low | — | 2.1 | 12y ago | Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for the output file when compressing a file before changing the permission to match the original file, which allows local users to byp… | |||
| CVE-2015-0418 | low | — | 2.1 | 12y ago | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v… | |||
| CVE-2015-0397 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600. | |||
| CVE-2015-0378 | low | — | 2.1 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc. | |||
| CVE-2015-7511 | low | 2.0 | 2.0 | 10y ago | Libgcrypt before 1.6.5 does not properly perform elliptic-point curve multiplication during decryption, which makes it easier for physically proximate attackers to extract ECDH keys by measuring elec… | |||
| CVE-2015-4808 | low | — | 1.9 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In… | |||
| CVE-2015-7404 | low | — | 1.9 | 11y ago | IBM Tivoli Storage Manager for Databases: Data Protection for Microsoft SQL Server (aka Spectrum Protect for Databases) 5.5 before 5.5.6.2, 6.3 before 6.3.1.6, 6.4 before 6.4.1.8, and 7.1 before 7.1.… | |||
| CVE-2015-4766 | low | — | 1.9 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier allows local users to affect availability via unknown vectors related to Server : Security : Firewall. | |||
| CVE-2015-7829 | low | — | 1.9 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |||
| CVE-2015-3785 | low | — | 1.9 | 11y ago | The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors. | |||
| CVE-2015-2534 | low | — | 1.9 | 11y ago | Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 improperly processes ACL settings, which allows local users to bypass intended network-traffic restrictions via a crafted appl… | |||
| CVE-2015-4037 | low | — | 1.9 | 11y ago | The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creati… | |||
| CVE-2015-5960 | low | — | 1.9 | 11y ago | Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount… | |||
| CVE-2015-2662 | low | — | 1.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to DHCP Server. | |||
| CVE-2015-2580 | low | — | 1.9 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. | |||
| CVE-2015-1901 | low | — | 1.9 | 11y ago | The installer in IBM InfoSphere Information Server 8.5 through 11.3 before 11.3.1.2 allows local users to obtain sensitive information via unspecified commands. | |||
| CVE-2015-2830 | low | — | 1.9 | 11y ago | arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protectio… | |||
| CVE-2015-1681 | low | — | 1.9 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a denia… | |||
| CVE-2015-1146 | low | — | 1.9 | 11y ago | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different v… | |||
| CVE-2015-1145 | low | — | 1.9 | 11y ago | The Code Signing implementation in Apple OS X before 10.10.3 does not properly validate signatures, which allows local users to bypass intended access restrictions via a crafted bundle, a different v… | |||
| CVE-2015-1114 | low | — | 1.9 | 11y ago | The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to discover hardware identifiers via a crafted app. | |||
| CVE-2015-1113 | low | — | 1.9 | 11y ago | The Sandbox Profiles component in Apple iOS before 8.3 allows attackers to read the (1) telephone number or (2) e-mail address of a recent contact via a crafted app. | |||
| CVE-2015-1107 | low | — | 1.9 | 11y ago | The Lock Screen component in Apple iOS before 8.3 does not properly implement the erasure feature for incorrect passcode-authentication attempts, which makes it easier for physically proximate attack… | |||
| CVE-2015-1097 | low | — | 1.9 | 11y ago | IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | |||
| CVE-2015-1096 | low | — | 1.9 | 11y ago | IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | |||
| CVE-2015-1094 | low | — | 1.9 | 11y ago | IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 allows attackers to obtain sensitive information about kernel memory via a crafted app. | |||
| CVE-2015-1085 | low | — | 1.9 | 11y ago | AppleKeyStore in Apple iOS before 8.3 does not properly restrict a certain passcode-confirmation interface, which makes it easier for attackers to verify correct passcode guesses via a crafted app. | |||
| CVE-2015-2152 | low | — | 1.9 | 11y ago | Xen 4.5.x and earlier enables certain default backends when emulating a VGA device for an x86 HVM guest qemu even when the configuration disables them, which allows local guest users to obtain access… | |||
| CVE-2015-1420 | low | — | 1.9 | 11y ago | Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memo… | |||
| CVE-2015-1064 | low | — | 1.9 | 11y ago | Springboard in Apple iOS before 8.2 allows physically proximate attackers to bypass an intended activation requirement and read the home screen by leveraging an application crash during the activatio… | |||
| CVE-2015-1197 | low | — | 1.9 | 11y ago | cpio 2.11, when using the --no-absolute-filenames option, allows local users to write to arbitrary files via a symlink attack on a file in an archive. | |||
| CVE-2015-0245 | low | — | 1.9 | 11y ago | D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of service … | |||
| CVE-2015-0010 | low | — | 1.9 | 12y ago | The CryptProtectMemory function in cng.sys (aka the Cryptography Next Generation driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 an… | |||
| CVE-2015-0430 | low | — | 1.9 | 12y ago | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility. | |||
| CVE-2015-0413 | low | — | 1.9 | 12y ago | Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. | |||
| CVE-2015-0001 | low | — | 1.9 | 12y ago | The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light … | |||
| CVE-2015-1798 | low | — | 1.8 | 11y ago | The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-… | |||
| CVE-2015-0875 | low | — | 1.8 | 11y ago | The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a f… | |||
| CVE-2015-4792 | low | — | 1.7 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, … | |||
| CVE-2015-1009 | low | — | 1.7 | 11y ago | Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and Wonderware InTouch Machine Edition through 7.1 SP3 Patch 4 use cleartext for project-window password storage, which allows local user… | |||
| CVE-2015-4767 | low | — | 1.7 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Security : Firewall, a different v… | |||
| CVE-2015-0498 | low | — | 1.7 | 11y ago | Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Replication. | |||
| CVE-2015-2291 | unknown | — | 1.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |||
| CVE-2015-2360 | unknown | — | 1.5 | 4y ago | Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS). | |||
| CVE-2015-2425 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |||
| CVE-2015-8651 | unknown | — | 1.5 | 4y ago | Integer overflow in Adobe Flash Player allows attackers to execute code. | |||
| CVE-2015-6175 | unknown | — | 1.5 | 4y ago | The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. | |||
| CVE-2015-0310 | unknown | — | 1.5 | 4y ago | Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. | |||
| CVE-2015-1769 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | |||
| CVE-2015-0071 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. | |||
| CVE-2015-1671 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. | |||
| CVE-2015-5317 | unknown | — | 1.5 | 4y ago | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. | |||
| CVE-2015-2502 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-5123 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-2419 | unknown | — | 1.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-1770 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | |||
| CVE-2015-4068 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. | |||
| CVE-2015-0666 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. | |||
| CVE-2015-2546 | unknown | — | 1.5 | 4y ago | The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application. | |||
| CVE-2015-4902 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment. | |||
| CVE-2015-7645 | unknown | — | 1.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2015-2545 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. | |||
| CVE-2015-1642 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document. | |||
| CVE-2015-2387 | unknown | — | 1.5 | 4y ago | ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application. | |||
| CVE-2015-2424 | unknown | — | 1.5 | 4y ago | Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document. | |||
| CVE-2015-2590 | unknown | — | 1.5 | 4y ago | An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | |||
| CVE-2015-1641 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context… | |||
| CVE-2015-4878 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-4877 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-4811 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In… | |||
| CVE-2015-4809 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In… | |||
| CVE-2015-0493 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-0474 | low | — | 1.5 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-5464 | low | — | 1.3 | 11y ago | The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition. | |||
| CVE-2015-4823 | low | — | 1.2 | 11y ago | Unspecified vulnerability in the Hyperion Installation Technology component in Oracle Hyperion 11.1.2.3 allows local users to affect confidentiality via unknown vectors related to Essbase Rapid Deplo… | |||
| CVE-2015-4822 | low | — | 1.2 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2015-4831. | |||
| CVE-2015-0489 | low | — | 1.2 | 11y ago | Unspecified vulnerability in the Application Management Pack for Oracle E-Business Suite component in Oracle E-Business Suite AMP 121030 and 121020 allows local users to affect confidentiality via ve… | |||
| CVE-2015-5160 | unknown | — | — | — | libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | |||
| CVE-2015-9289 | unknown | — | — | — | In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the usersp… |