CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7755 | unknown | — | 2.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |||
| CVE-2015-2291 | unknown | — | 2.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |||
| CVE-2015-0016 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |||
| CVE-2015-4495 | unknown | — | 2.5 | 4y ago | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |||
| CVE-2015-1427 | unknown | — | 2.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |||
| CVE-2015-0313 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0311 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-3113 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-5122 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-2426 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |||
| CVE-2015-2419 | unknown | — | 2.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-1187 | unknown | — | 2.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. | |||
| CVE-2015-3035 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||
| CVE-2015-7645 | unknown | — | 2.5 | 4y ago | Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | |||
| CVE-2015-3043 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-1701 | unknown | — | 2.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |||
| CVE-2015-5119 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-1635 | unknown | — | 2.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |||
| CVE-2015-2051 | unknown | — | 2.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||
| CVE-2015-1130 | unknown | — | 2.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |||
| CVE-2015-7450 | unknown | — | 2.5 | 5y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | |||
| CVE-2015-4852 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution. |