CVEs from 2015
Total
7,261
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1130 | unknown | — | 2.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |||
| CVE-2015-1635 | unknown | — | 2.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |||
| CVE-2015-2051 | unknown | — | 2.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||
| CVE-2015-7450 | unknown | — | 2.5 | 4y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | |||
| CVE-2015-4852 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution. | |||
| CVE-2015-8651 | unknown | — | 1.5 | 4y ago | Integer overflow in Adobe Flash Player allows attackers to execute code. | |||
| CVE-2015-6175 | unknown | — | 1.5 | 4y ago | The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. | |||
| CVE-2015-1671 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. | |||
| CVE-2015-2360 | unknown | — | 1.5 | 4y ago | Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS). | |||
| CVE-2015-2425 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |||
| CVE-2015-1769 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | |||
| CVE-2015-0071 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. | |||
| CVE-2015-0310 | unknown | — | 1.5 | 4y ago | Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. | |||
| CVE-2015-5317 | unknown | — | 1.5 | 4y ago | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. | |||
| CVE-2015-2502 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-5123 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-1770 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | |||
| CVE-2015-0666 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. | |||
| CVE-2015-4068 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. | |||
| CVE-2015-2546 | unknown | — | 1.5 | 4y ago | The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application. | |||
| CVE-2015-2590 | unknown | — | 1.5 | 4y ago | An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | |||
| CVE-2015-2424 | unknown | — | 1.5 | 4y ago | Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document. | |||
| CVE-2015-4902 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment. | |||
| CVE-2015-2545 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. | |||
| CVE-2015-1642 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document. | |||
| CVE-2015-2387 | unknown | — | 1.5 | 4y ago | ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application. | |||
| CVE-2015-1641 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context… | |||
| CVE-2015-5745 | unknown | — | — | — | Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control … | |||
| CVE-2015-20001 | unknown | — | — | — | In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range … | |||
| CVE-2015-5160 | unknown | — | — | — | libvirt before 2.2 includes Ceph credentials on the qemu command line when using RADOS Block Device (aka RBD), which allows local users to obtain sensitive information via a process listing. | |||
| CVE-2015-5230 | unknown | — | — | — | The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | |||
| CVE-2015-9289 | unknown | — | — | — | In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the usersp… | |||
| CVE-2015-9016 | unknown | — | — | — | In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead… | |||
| CVE-2015-5239 | unknown | — | — | — | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attachers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | |||
| CVE-2015-6815 | unknown | — | — | — | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of ser… | |||
| CVE-2015-5278 | unknown | — | — | — | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors r… | |||
| CVE-2015-2309 | unknown | — | — | 2y ago | Symfony has unsafe methods in the Request class | |||
| CVE-2015-8371 | unknown | — | — | 3y ago | Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because o… | |||
| CVE-2015-8031 | unknown | — | — | 4y ago | Hudson XML API susceptible to External Entity Injection Vunerability prior to v3.3.2 | |||
| CVE-2015-5298 | unknown | — | — | 4y ago | Jenkins Google Login Plugin 1.0 and 1.1 allows anonymous users to authenticate through client-side request modification | |||
| CVE-2015-9543 | unknown | — | — | 4y ago | An issue was discovered in OpenStack Nova before 18.2.4, 19.x before 19.1.0, and 20.x before 20.1.0. It can leak consoleauth tokens into log files. An attacker with read access to the service's logs … | |||
| CVE-2015-1809 | unknown | — | — | 4y ago | XML external entity (XXE) vulnerability in Jenkins | |||
| CVE-2015-1811 | unknown | — | — | 4y ago | XML external entity (XXE) vulnerability in Jenkins | |||
| CVE-2015-6420 | unknown | — | — | 6y ago | Insecure Deserialization in Apache Commons Collection | |||
| CVE-2015-7559 | unknown | — | — | 7y ago | Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ |