CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-0308 | critical | — | 10.0 | 12y ago | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windo… | |||
| CVE-2015-0306 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-0304 | critical | — | 10.0 | 12y ago | Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows… | |||
| CVE-2015-0303 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-0301 | critical | — | 10.0 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-0014 | critical | — | 10.0 | 12y ago | Buffer overflow in the Telnet service in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold … | |||
| CVE-2015-7411 | critical | 9.9 | 9.9 | 10y ago | The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileges via unspecified vectors. | |||
| CVE-2015-7926 | critical | 9.9 | 9.9 | 11y ago | eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL. | |||
| CVE-2015-7669 | critical | 9.8 | 9.8 | 9y ago | Multiple directory traversal vulnerabilities in (1) includes/MapImportCSV2.php and (2) includes/MapImportCSV.php in the Easy2Map plugin before 1.3.0 for WordPress allow remote attackers to include an… | |||
| CVE-2015-6237 | critical | 9.8 | 9.8 | 9y ago | The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 before 7.2.6 allows remote attackers to bypass authentication and (1) enumerate users, (2) reset passwords, or (3) manipulate IP… | |||
| CVE-2015-7224 | critical | 9.8 | 9.8 | 9y ago | puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host… | |||
| CVE-2015-7501 | critical | 9.8 | 9.8 | 9y ago | Deserialization of Untrusted Data in Apache commons collections | |||
| CVE-2015-9245 | critical | 9.8 | 9.8 | 9y ago | Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via… | |||
| CVE-2015-3249 | critical | 9.8 | 9.8 | 9y ago | The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.1 allows remote attackers to cause a denial of service (out-of-bounds access and daemon crash) or possibly execute arbitrary … | |||
| CVE-2015-5172 | critical | 9.8 | 9.8 | 9y ago | Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password | |||
| CVE-2015-5171 | critical | 9.8 | 9.8 | 9y ago | Cloud Foundry Runtime Insufficient Session Expiration vulnerability | |||
| CVE-2015-5740 | critical | 9.8 | 9.8 | 9y ago | Request smuggling due to improper header parsing in net/http | |||
| CVE-2015-5739 | critical | 9.8 | 9.8 | 9y ago | Request smuggling due to improper header parsing in net/http | |||
| CVE-2015-5376 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in the login form in GSI WiNPAT Portal 3.2.0.1001 through 3.6.1.0 allows remote attackers to execute arbitrary SQL commands via the username field. | |||
| CVE-2015-7806 | critical | 9.8 | 9.8 | 9y ago | Eval injection vulnerability in the fm_saveHelperGatherItems function in ajax.php in the Form Manager plugin before 1.7.3 for WordPress allows remote attackers to execute arbitrary code via unspecifi… | |||
| CVE-2015-7687 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via vectors involving req_ca_vrfy_smtp and req_ca_vrfy_mt… | |||
| CVE-2015-4650 | critical | 9.8 | 9.8 | 9y ago | Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote attackers to gain shell access and execute arbitrary code with root privileges via unspecified vectors. | |||
| CVE-2015-2146 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to project.php, the (2) group_id pa… | |||
| CVE-2015-7841 | critical | 9.8 | 9.8 | 9y ago | The login page of the server on Huawei FusionServer rack servers RH2288 V3 with software before V100R003C00SPC603, RH2288H V3 with software before V100R003C00SPC503, XH628 V3 with software before V10… | |||
| CVE-2015-7670 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in includes/update.php in the Support Ticket System plugin before 1.2.1 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user … | |||
| CVE-2015-7390 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in TestLink before 1.9.14 allows remote attackers to execute arbitrary SQL commands via the apikey parameter to lnl.php. | |||
| CVE-2015-8707 | critical | 9.8 | 9.8 | 9y ago | Password reset tokens in Magento CE before 1.9.2.2, and Magento EE before 1.14.2.2 are passed via a GET request and not canceled after use, which allows remote attackers to obtain user passwords via … | |||
| CVE-2015-7510 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the getpwnam and getgrnam functions of the NSS module nss-mymachines in systemd. | |||
| CVE-2015-5284 | critical | 9.8 | 9.8 | 9y ago | ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate and private key in /etc/httpd/alias/kra-agent.pem, which is world readable. | |||
| CVE-2015-6673 | critical | 9.8 | 9.8 | 9y ago | Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. | |||
| CVE-2015-3431 | critical | 9.8 | 9.8 | 9y ago | Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to execute arbitrary commands via unspecified vectors, aka "Pydio OS Command Injection Vulnerabilities." | |||
| CVE-2015-5206 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5168. | |||
| CVE-2015-5168 | critical | 9.8 | 9.8 | 9y ago | Unspecified vulnerability in the HTTP/2 experimental feature in Apache Traffic Server 5.3.x before 5.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2015-5206. | |||
| CVE-2015-4689 | critical | 9.8 | 9.8 | 9y ago | Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows remote attackers to reset arbitrary passwords via unspecified vectors, aka "Weak Password Reset." | |||
| CVE-2015-7877 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in the User Dashboard module 7.x before 7.x-1.4 for Drupal allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5052 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Sefrengo before 1.6.5 beta2. | |||
| CVE-2015-4629 | critical | 9.8 | 9.8 | 9y ago | Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to read device configuration information, enable PIN/PUK authentication, and perform other unspecified actions. | |||
| CVE-2015-4627 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Pragyan CMS 3.0. | |||
| CVE-2015-3991 | critical | 9.8 | 9.8 | 9y ago | strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code. | |||
| CVE-2015-3442 | critical | 9.8 | 9.8 | 9y ago | Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call. | |||
| CVE-2015-5959 | critical | 9.8 | 9.8 | 9y ago | Froxlor before 0.9.33.2 with the default configuration/setup might allow remote attackers to obtain the database password by reading /logs/sql-error.log. | |||
| CVE-2015-7746 | critical | 9.8 | 9.8 | 9y ago | NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows remote attackers to bypass authentication and (1) obtain sensitive information from or (2) modify volumes via vectors related to UTF-8… | |||
| CVE-2015-7700 | critical | 9.8 | 9.8 | 9y ago | Double-free vulnerability in the sPLT chunk structure and png.c in pngcrush before 1.7.87 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-8299 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in the Group messages monitor (Falcon) in KNX ETS 4.1.5 (Build 3246) allows remote attackers to execute arbitrary code via a crafted KNXnet/IP UDP packet. | |||
| CVE-2015-7517 | critical | 9.8 | 9.8 | 9y ago | Multiple SQL injection vulnerabilities in the Double Opt-In for Download plugin before 2.0.9 for WordPress allow remote attackers to execute arbitrary SQL commands via the ver parameter to (1) class-… | |||
| CVE-2015-1430 | critical | 9.8 | 9.8 | 9y ago | Buffer overflow in xymon 4.3.17-1. | |||
| CVE-2015-1401 | critical | 9.8 | 9.8 | 9y ago | Improper Authentication vulnerability in the "LDAP / SSO Authentication" (ig_ldap_sso_auth) extension 2.0.0 for TYPO3. | |||
| CVE-2015-1801 | critical | 9.8 | 9.8 | 9y ago | The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. | |||
| CVE-2015-5224 | critical | 9.8 | 9.8 | 9y ago | The mkostemp function in login-utils in util-linux when used incorrectly allows remote attackers to cause file name collision and possibly other attacks. | |||
| CVE-2015-6473 | critical | 9.8 | 9.8 | 9y ago | WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain privilege separation. | |||
| CVE-2015-6472 | critical | 9.8 | 9.8 | 9y ago | WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO 758-870 have weak credential management. | |||
| CVE-2015-9073 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | |||
| CVE-2015-9072 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. | |||
| CVE-2015-9071 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. | |||
| CVE-2015-9070 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. | |||
| CVE-2015-9069 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. | |||
| CVE-2015-9068 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. | |||
| CVE-2015-9067 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. | |||
| CVE-2015-9066 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. | |||
| CVE-2015-9065 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | |||
| CVE-2015-9064 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. | |||
| CVE-2015-9063 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | |||
| CVE-2015-9062 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. | |||
| CVE-2015-9061 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. | |||
| CVE-2015-9060 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. | |||
| CVE-2015-9055 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. | |||
| CVE-2015-9054 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. | |||
| CVE-2015-9053 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. | |||
| CVE-2015-9052 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. | |||
| CVE-2015-9051 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Inform… | |||
| CVE-2015-9050 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. | |||
| CVE-2015-9049 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. | |||
| CVE-2015-9048 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. | |||
| CVE-2015-9047 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. | |||
| CVE-2015-9046 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency lis… | |||
| CVE-2015-9045 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. | |||
| CVE-2015-9044 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency lis… | |||
| CVE-2015-9043 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. | |||
| CVE-2015-9042 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. | |||
| CVE-2015-9041 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. | |||
| CVE-2015-9040 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. | |||
| CVE-2015-9039 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. | |||
| CVE-2015-9038 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. | |||
| CVE-2015-9037 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. | |||
| CVE-2015-9036 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. | |||
| CVE-2015-9035 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. | |||
| CVE-2015-9034 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. | |||
| CVE-2015-8596 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. | |||
| CVE-2015-8595 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. | |||
| CVE-2015-8594 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. | |||
| CVE-2015-8593 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | |||
| CVE-2015-8592 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. | |||
| CVE-2015-4464 | critical | 9.8 | 9.8 | 9y ago | Kguard Digital Video Recorder 104, 108, v2 does not have any authorization or authentication between an ActiveX client and the application server. | |||
| CVE-2015-0575 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. | |||
| CVE-2015-0574 | critical | 9.8 | 9.8 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. | |||
| CVE-2015-1817 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the inet_pton function in network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0 through 1.1.7 allows attackers to have unspecified impact via unknown vectors. | |||
| CVE-2015-3616 | critical | 9.8 | 9.8 | 9y ago | SQL injection vulnerability in Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows remote attackers to execute arbitrary commands via unspecified parameters. | |||
| CVE-2015-6816 | critical | 9.8 | 9.8 | 9y ago | ganglia-web before 3.7.1 allows remote attackers to bypass authentication. | |||
| CVE-2015-2311 | critical | 9.8 | 9.8 | 9y ago | Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 might allow remote peers to cause a denial of service or possibly obtain sensitive information from memory or execut… | |||
| CVE-2015-0786 | critical | 9.8 | 9.8 | 9y ago | Stack-based buffer overflow in the logging functionality in the Preboot Policy service in Novell ZENworks Configuration Management (ZCM) allows remote attackers to execute arbitrary code via unspecif… |