CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-2828 | critical | — | 9.0 | 11y ago | CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate serialized Java objects, which allows remote authenticated users to obtain administrative privileges via crafted object data. | |||
| CVE-2015-0635 | critical | — | 9.0 | 11y ago | The Autonomic Networking Infrastructure (ANI) implementation in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.10.xS through 3.13.xS before 3.13.1S allows remote attackers to spoof Aut… | |||
| CVE-2015-0980 | critical | — | 9.0 | 11y ago | Format string vulnerability in BACnOPCServer.exe in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via format string spec… | |||
| CVE-2015-0979 | critical | — | 9.0 | 11y ago | Heap-based buffer overflow in the SOAP web interface in SCADA Engine BACnet OPC Server before 2.1.371.24 allows remote attackers to execute arbitrary code via a crafted packet. | |||
| CVE-2015-0518 | critical | — | 9.0 | 12y ago | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to obtain superuser pri… | |||
| CVE-2015-0589 | critical | — | 9.0 | 12y ago | The administrative web interface in Cisco WebEx Meetings Server 1.0 through 1.5 allows remote authenticated users to execute arbitrary OS commands with root privileges via unspecified fields, aka Bug… | |||
| CVE-2015-1469 | critical | — | 9.0 | 12y ago | time.htm in the web interface on SerVision HVG Video Gateway devices with firmware through 2.2.26a100 allows remote authenticated users to gain privileges by leveraging a cookie received in an HTTP r… |