CVEs from 2015
- Total: 7,323
- Critical: 1,307
- High: 1,666
- Medium: 3,617
- Low: 553
- % Critical: 17.8%
- % with KEV: 0.6%
- % with exploit: 0.6%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-7755 | unknown | — | 1.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |
| CVE-2015-2291 | unknown | — | 1.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |
| CVE-2015-0071 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. | |
| CVE-2015-0310 | unknown | — | 1.5 | 4y ago | Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. | |
| CVE-2015-4495 | unknown | — | 1.5 | 4y ago | Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |
| CVE-2015-8651 | unknown | — | 1.5 | 4y ago | Integer overflow in Adobe Flash Player allows attackers to execute code. | |
| CVE-2015-2360 | unknown | — | 1.5 | 4y ago | Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS). | |
| CVE-2015-6175 | unknown | — | 1.5 | 4y ago | The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. | |
| CVE-2015-0016 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |
| CVE-2015-1769 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | |
| CVE-2015-2425 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |
| CVE-2015-1671 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. | |
| CVE-2015-1427 | unknown | — | 1.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |
| CVE-2015-5317 | unknown | — | 1.5 | 4y ago | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. | |
| CVE-2015-5123 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |
| CVE-2015-2502 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | |
| CVE-2015-5122 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |
| CVE-2015-0313 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |
| CVE-2015-0311 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |
| CVE-2015-3113 | unknown | — | 1.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |
| CVE-2015-1770 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | |
| CVE-2015-2426 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |
| CVE-2015-2419 | unknown | — | 1.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |
| CVE-2015-1187 | unknown | — | 1.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution. | |
| CVE-2015-4068 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. | |
| CVE-2015-0666 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. | |
| CVE-2015-3035 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |
| CVE-2015-2546 | unknown | — | 1.5 | 4y ago | The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application. | |
| CVE-2015-1701 | unknown | — | 1.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |
| CVE-2015-7645 | unknown | — | 1.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |
| CVE-2015-2424 | unknown | — | 1.5 | 4y ago | Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document. | |
| CVE-2015-2545 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. | |
| CVE-2015-2590 | unknown | — | 1.5 | 4y ago | An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | |
| CVE-2015-4902 | unknown | — | 1.5 | 4y ago | Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment. | |
| CVE-2015-5119 | unknown | — | 1.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |
| CVE-2015-3043 | unknown | — | 1.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | |
| CVE-2015-2387 | unknown | — | 1.5 | 4y ago | ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application. | |
| CVE-2015-1642 | unknown | — | 1.5 | 4y ago | Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document. | |
| CVE-2015-1635 | unknown | — | 1.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |
| CVE-2015-1130 | unknown | — | 1.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |
| CVE-2015-2051 | unknown | — | 1.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |
| CVE-2015-7450 | unknown | — | 1.5 | 4y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | |
| CVE-2015-4852 | unknown | — | 1.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution. | |
| CVE-2015-1641 | unknown | — | 1.5 | 5y ago | Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context… | |
| CVE-2015-4042 | unknown | — | — | — | Integer overflow in the keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 might allow attackers to cause a denial of service (application crash) or possibly have unspecified othe… | |
| CVE-2015-20109 | unknown | — | — | — | end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstra… | |
| CVE-2015-2793 | unknown | — | — | — | Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parame… | |
| CVE-2015-5316 | unknown | — | — | — | The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a de… | |
| CVE-2015-9265 | unknown | — | — | — | ||
| CVE-2015-9289 | unknown | — | — | — | In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the usersp… | |
| CVE-2015-10141 | unknown | — | — | — | An unauthenticated OS command injection vulnerability exists within Xdebug versions 2.5.5 and earlier, a PHP debugging extension developed by Derick Rethans. When remote debugging is enabled, Xdebug … | |
| CVE-2015-1877 | unknown | — | — | — | The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands… | |
| CVE-2015-5278 | unknown | — | — | — | The ne2000_receive function in hw/net/ne2000.c in QEMU before 2.4.0.1 allows attackers to cause a denial of service (infinite loop and instance crash) or possibly execute arbitrary code via vectors r… | |
| CVE-2015-5239 | unknown | — | — | — | Integer overflow in the VNC display driver in QEMU before 2.1.0 allows attackers to cause a denial of service (process crash) via a CLIENT_CUT_TEXT message, which triggers an infinite loop. | |
| CVE-2015-6815 | unknown | — | — | — | The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4.0.1 does not properly process transmit descriptor data when sending a network packet, which allows attackers to cause a denial of ser… | |
| CVE-2015-7848 | unknown | — | — | — | An integer overflow can occur in NTP-dev.4.3.70 leading to an out-of-bounds memory copy operation when processing a specially crafted private mode packet. The crafted packet needs to have the correct… | |
| CVE-2015-0843 | unknown | — | — | — | yubiserver before 0.6 is prone to buffer overflows due to misuse of sprintf. | |
| CVE-2015-0796 | unknown | — | — | — | In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow bu… | |
| CVE-2015-20001 | unknown | — | — | — | In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range … | |
| CVE-2015-1853 | unknown | — | — | — | chrony before 1.31.1 does not properly protect state variables in authenticated symmetric NTP associations, which allows remote attackers with knowledge of NTP peering to cause a denial of service (i… | |
| CVE-2015-4041 | unknown | — | — | — | The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, wh… | |
| CVE-2015-1142857 | unknown | — | — | — | ||
| CVE-2015-0837 | unknown | — | — | — | The mpi_powm function in Libgcrypt before 1.6.3 and GnuPG before 1.4.19 allows attackers to obtain sensitive information by leveraging timing differences when accessing a pre-computed table during mo… | |
| CVE-2015-5966 | unknown | — | — | — | ||
| CVE-2015-9262 | unknown | — | — | — | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | |
| CVE-2015-9016 | unknown | — | — | — | In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead… | |
| CVE-2015-9290 | unknown | — | — | — | In FreeType before 2.6.1, a buffer over-read occurs in type1/t1parse.c on function T1_Get_Private_Dict where there is no check that the new values of cur and limit are sensible before going to Again. | |
| CVE-2015-1396 | unknown | — | — | — | A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an in… | |
| CVE-2015-1416 | unknown | — | — | — | Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 before 10.2-BETA2-p2, and 10.1 before 10.1-RELEASE-p16; Bitrig; GNU patch before 2.2.5; and possibly other patch variants allow … | |
| CVE-2015-9274 | unknown | — | — | — | HarfBuzz before 1.0.4 allows remote attackers to cause a denial of service (invalid read of two bytes and application crash) because of GPOS and GSUB table mishandling, related to hb-ot-layout-gpos-t… | |
| CVE-2015-5230 | unknown | — | — | — | The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets. | |
| CVE-2015-7542 | unknown | — | — | — | A vulnerability exists in libgwenhywfar through 4.12.0 due to the usage of outdated bundled CA certificates. | |
| CVE-2015-2929 | unknown | — | — | — | The Hidden Service (HS) client implementation in Tor before 0.2.4.27, 0.2.5.x before 0.2.5.12, and 0.2.6.x before 0.2.6.7 allows remote servers to cause a denial of service (assertion failure and app… | |
| CVE-2015-7747 | unknown | — | — | — | Buffer overflow in the afReadFrames function in audiofile (aka libaudiofile and Audio File Library) allows user-assisted remote attackers to cause a denial of service (program crash) or possibly exec… | |
| CVE-2015-5745 | unknown | — | — | — | Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control … | |
| CVE-2015-7851 | unknown | — | — | — | Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such … | |
| CVE-2015-7505 | unknown | — | — | — | Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitr… | |
| CVE-2015-9259 | unknown | — | — | — | In Docker Notary before 0.1, the checkRoot function in gotuf/client/client.go does not check expiry of root.json files, despite a comment stating that it does. Even if a user creates a new root.json … | |
| CVE-2015-10082 | unknown | — | — | — | ||
| CVE-2015-0849 | unknown | — | — | — | pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability. | |
| CVE-2015-8980 | unknown | — | — | — | The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code. | |
| CVE-2015-2060 | unknown | — | — | — | cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character … | |
| CVE-2015-9381 | unknown | — | — | — | FreeType before 2.6.1 has a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c. | |
| CVE-2015-1607 | unknown | — | — | — | kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (inval… | |
| CVE-2015-0294 | unknown | — | — | — | GnuTLS before 3.3.13 does not validate that the signature algorithms match when importing a certificate. | |
| CVE-2015-1208 | unknown | — | — | — | Integer underflow in the mov_read_default function in libavformat/mov.c in FFmpeg before 2.4.6 allows remote attackers to obtain sensitive information from heap and/or stack memory via a crafted MP4 … | |
| CVE-2015-2320 | unknown | — | — | — | The TLS stack in Mono before 3.12.1 allows remote attackers to have unspecified impact via vectors related to client-side SSLv2 fallback. | |
| CVE-2015-2318 | unknown | — | — | — | The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers to conduct message skipping attacks and consequently impersonate clients by leveraging missing handshake state validation, aka a… | |
| CVE-2015-9261 | unknown | — | — | — | huft_build in archival/libarchive/decompress_gunzip.c in BusyBox before 1.27.2 misuses a pointer, causing segfaults and an application crash during an unzip operation on a specially crafted ZIP file. | |
| CVE-2015-0841 | unknown | — | — | — | Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. | |
| CVE-2015-1606 | unknown | — | — | — | The keyring DB in GnuPG before 2.1.2 does not properly handle invalid packets, which allows remote attackers to cause a denial of service (invalid read and use-after-free) via a crafted keyring file. | |
| CVE-2015-9542 | unknown | — | — | — | add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy(). An attacker could … | |
| CVE-2015-3406 | unknown | — | — | — | The PGP signature parsing in Module::Signature before 0.74 allows remote attackers to cause the unsigned portion of a SIGNATURE file to be treated as the signed portion via unspecified vectors. | |
| CVE-2015-8313 | unknown | — | — | — | GnuTLS incorrectly validates the first byte of padding in CBC modes | |
| CVE-2015-2319 | unknown | — | — | — | The TLS stack in Mono before 3.12.1 makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different v… | |
| CVE-2015-7506 | unknown | — | — | — | The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted LZW stream in a GIF … | |
| CVE-2015-7507 | unknown | — | — | — | libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function. | |
| CVE-2015-7810 | unknown | — | — | — | libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files | |
| CVE-2015-5297 | unknown | — | — | — | An integer overflow issue has been reported in the general_composite_rect() function in pixman prior to version 0.32.8. An attacker could exploit this issue to cause an application using pixman to cr… | |
| CVE-2015-0842 | unknown | — | — | — | yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass. |