CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-1592 | high | — | 8.5 | 11y ago | Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and Advanced 6.0.x before 6.0.7 does not properly use the Perl Storable::thaw function, which allows remote attackers to include and … | |||
| CVE-2015-1587 | high | — | 8.5 | 11y ago | Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file w… | |||
| CVE-2015-1499 | high | — | 8.5 | 12y ago | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | |||
| CVE-2015-1471 | high | — | 8.5 | 12y ago | SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. | |||
| CVE-2015-1576 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.… | |||
| CVE-2015-1518 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. | |||
| CVE-2015-1172 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code … | |||
| CVE-2015-1467 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Translations in Fork CMS before 3.8.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) language[] or (2) type[] parameter to pr… | |||
| CVE-2015-1477 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/… | |||
| CVE-2015-1476 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) pa… | |||
| CVE-2015-1428 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authe… | |||
| CVE-2015-1400 | high | — | 8.5 | 12y ago | SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter. | |||
| CVE-2015-1375 | high | — | 8.5 | 12y ago | pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files. | |||
| CVE-2015-1372 | high | — | 8.5 | 12y ago | SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote attackers to execute arbitrary SQL commands via the p parameter in an update action to admin.php. | |||
| CVE-2015-1371 | high | — | 8.5 | 12y ago | Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct… | |||
| CVE-2015-1364 | high | — | 8.5 | 12y ago | SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username … | |||
| CVE-2015-1362 | high | — | 8.5 | 12y ago | Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot 4.7.2 allows remote attackers to execute arbitrary code via a long string in the maker element in an XML file. | |||
| CVE-2015-0307 | high | — | 8.5 | 12y ago | Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.27… | |||
| CVE-2015-0919 | high | — | 8.5 | 12y ago | Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter… | |||
| CVE-2015-7551 | high | 8.4 | 8.4 | 10y ago | The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby before 2.0.0-p648, 2.1 before 2.1.8, and 2.2 before 2.2.4, as distributed in Apple OS X before 10.11.4 and other products, mishandles … | |||
| CVE-2015-6566 | high | 8.4 | 8.4 | 11y ago | zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*. | |||
| CVE-2015-6862 | high | 8.4 | 8.4 | 11y ago | HPE UCMDB Browser before 4.02 allows remote attackers to obtain sensitive information or bypass intended access restrictions via unspecified vectors. | |||
| CVE-2015-6860 | high | 8.4 | 8.4 | 11y ago | HPE Network Switches with software 15.16.x and 15.17.x allow local users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2015-6859. | |||
| CVE-2015-7430 | high | 8.4 | 8.4 | 11y ago | The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for IBM Spectrum Scale and General Parallel File System (GPFS) allows local users to read or write to arbitrary GPFS data via unspecif… | |||
| CVE-2015-6850 | high | 8.4 | 8.4 | 11y ago | EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a default password for the root account, which allows local users to gain privileges by leveraging a login session. | |||
| CVE-2015-6023 | high | 7.3 | 8.3 | 9y ago | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE:… | |||
| CVE-2015-8973 | high | 8.3 | 8.3 | 10y ago | xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remote attackers to bypass intended access restrictions via vectors related to… | |||
| CVE-2015-7521 | high | 8.3 | 8.3 | 11y ago | High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service | |||
| CVE-2015-8765 | high | 8.3 | 8.3 | 11y ago | Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, 5.1.x before 5.1.3 Hotfix 1106041, and 5.3.x before 5.3.1 Hotfix 1106041 allow remote attackers to execute arbitrary code via a craft… | |||
| CVE-2015-8663 | high | 8.3 | 8.3 | 11y ago | The ff_get_buffer function in libavcodec/utils.c in FFmpeg before 2.8.4 preserves width and height values after a failure, which allows remote attackers to cause a denial of service (out-of-bounds ar… | |||
| CVE-2015-8661 | high | 8.3 | 8.3 | 11y ago | The h264_slice_header_init function in libavcodec/h264_slice.c in FFmpeg before 2.8.3 does not validate the relationship between the number of threads and the number of slices, which allows remote at… | |||
| CVE-2015-6481 | high | 8.3 | 8.3 | 11y ago | The login function in the RequestController class in Moxa OnCell Central Manager before 2.2 has a hardcoded root password, which allows remote attackers to obtain administrative access via a login se… | |||
| CVE-2015-6480 | high | 8.3 | 8.3 | 11y ago | The MessageBrokerServlet servlet in Moxa OnCell Central Manager before 2.2 does not require authentication, which allows remote attackers to obtain administrative access via a command, as demonstrate… | |||
| CVE-2015-6547 | high | — | 8.3 | 11y ago | The management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allows remote authenticated users to execute arbitrary commands at boot time via unspecified v… | |||
| CVE-2015-2904 | high | — | 8.3 | 11y ago | Actiontec GT784WN modems with firmware before NCS01-1.0.13 have hardcoded credentials, which makes it easier for remote attackers to obtain root access by connecting to the web administration interfa… | |||
| CVE-2015-5611 | high | — | 8.3 | 11y ago | Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehi… | |||
| CVE-2015-2233 | high | — | 8.3 | 11y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 does not properly validate CA chains during signature validation, which allows man-in-the-middle attackers to upload and ex… | |||
| CVE-2015-0675 | high | — | 8.3 | 11y ago | The failover ipsec implementation in Cisco Adaptive Security Appliance (ASA) Software 9.1 before 9.1(6), 9.2 before 9.2(3.3), and 9.3 before 9.3(3) does not properly validate failover communication m… | |||
| CVE-2015-2247 | high | — | 8.3 | 11y ago | Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "in… | |||
| CVE-2015-5533 | high | 7.2 | 8.2 | 9y ago | SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep… | |||
| CVE-2015-7714 | high | 7.2 | 8.2 | 9y ago | Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in… | |||
| CVE-2015-7570 | high | 7.2 | 8.2 | 9y ago | Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb… | |||
| CVE-2015-8813 | high | 8.2 | 8.2 | 9y ago | Umbraco CMS vulnerable to CSRF | |||
| CVE-2015-1000002 | high | 8.2 | 8.2 | 10y ago | Open Proxy in filedownload v1.4 wordpress plugin | |||
| CVE-2015-8550 | high | 8.2 | 8.2 | 10y ago | Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend… | |||
| CVE-2015-8397 | high | 8.2 | 8.2 | 11y ago | The JPEGLSCodec::DecodeExtent function in MediaStorageAndFileFormat/gdcmJPEGLSCodec.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows remote attackers to obtain sensitive information from proces… | |||
| CVE-2015-4027 | high | — | 8.2 | 11y ago | The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner (WVS) before 10 build 20151125 allows local users to gain privileges via a command parameter in the reporttemplate property in a p… | |||
| CVE-2015-7108 | high | — | 8.2 | 11y ago | The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-7106 | high | — | 8.2 | 11y ago | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2015-7084 | high | — | 8.2 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified… | |||
| CVE-2015-7083 | high | — | 8.2 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified… | |||
| CVE-2015-7078 | high | — | 8.2 | 11y ago | Use-after-free vulnerability in Hypervisor in Apple OS X before 10.11.2 allows local users to gain privileges via vectors involving VM objects. | |||
| CVE-2015-7077 | high | — | 8.2 | 11y ago | The Intel Graphics Driver component in Apple OS X before 10.11.2 allows local users to gain privileges or cause a denial of service (out-of-bounds memory access) via unspecified vectors. | |||
| CVE-2015-7047 | high | — | 8.2 | 11y ago | The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows local users to gain privileges via a crafted mach message that is misparsed. | |||
| CVE-2015-6174 | high | — | 8.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6173 | high | — | 8.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6171 | high | — | 8.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and… | |||
| CVE-2015-6133 | high | — | 8.2 | 11y ago | Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle library loading, which allows local users to gain privileges via a c… | |||
| CVE-2015-6132 | high | — | 8.2 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandl… | |||
| CVE-2015-6128 | high | — | 8.2 | 11y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Libra… | |||
| CVE-2015-7985 | high | — | 8.2 | 11y ago | Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | |||
| CVE-2015-5602 | high | — | 8.2 | 11y ago | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/… | |||
| CVE-2015-6098 | high | — | 8.2 | 11y ago | Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privile… | |||
| CVE-2015-2554 | high | — | 8.2 | 11y ago | The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows … | |||
| CVE-2015-2553 | high | — | 8.2 | 11y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandl… | |||
| CVE-2015-5889 | high | — | 8.2 | 11y ago | rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables. | |||
| CVE-2015-1338 | high | — | 8.2 | 11y ago | kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.lo… | |||
| CVE-2015-6306 | high | — | 8.2 | 11y ago | Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does not verify pathnames before installation actions, which allows local users to obtain root privileges via a crafted installation f… | |||
| CVE-2015-6305 | high | — | 8.2 | 11y ago | Untrusted search path vulnerability in the CMainThread::launchDownloader function in vpndownloader.exe in Cisco AnyConnect Secure Mobility Client 2.0 through 4.1 on Windows allows local users to gain… | |||
| CVE-2015-6923 | high | — | 8.2 | 11y ago | The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call. | |||
| CVE-2015-5465 | high | — | 8.2 | 11y ago | Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404… | |||
| CVE-2015-2528 | high | — | 8.2 | 11y ago | Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges … | |||
| CVE-2015-2527 | high | — | 8.2 | 11y ago | The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does n… | |||
| CVE-2015-2525 | high | — | 8.2 | 11y ago | Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allo… | |||
| CVE-2015-2524 | high | — | 8.2 | 11y ago | Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges … | |||
| CVE-2015-2512 | high | — | 8.2 | 11y ago | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and… | |||
| CVE-2015-2508 | high | — | 8.2 | 11y ago | The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability." | |||
| CVE-2015-2507 | high | — | 8.2 | 11y ago | The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and… | |||
| CVE-2015-5736 | high | — | 8.2 | 11y ago | The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 … | |||
| CVE-2015-3290 | high | — | 8.2 | 11y ago | arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform improperly relies on espfix64 during nested NMI processing, which allows local users to gain privileges by triggering… | |||
| CVE-2015-6565 | high | — | 8.2 | 11y ago | sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY devices, which allows local users to cause a denial of service (terminal disruption) or possibly have unspecified other impact by w… | |||
| CVE-2015-3760 | high | — | 8.2 | 11y ago | dyld in Apple OS X before 10.10.5 does not properly validate pathnames in the environment, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2015-3246 | high | — | 8.2 | 11y ago | libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (incon… | |||
| CVE-2015-2370 | high | — | 8.2 | 11y ago | The authentication implementation in the RPC subsystem in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, W… | |||
| CVE-2015-2366 | high | — | 8.2 | 11y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users t… | |||
| CVE-2015-2365 | high | — | 8.2 | 11y ago | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 201… | |||
| CVE-2015-3673 | high | — | 8.2 | 11y ago | Admin Framework in Apple OS X before 10.10.4 does not properly restrict the location of writeconfig clients, which allows local users to obtain root privileges by moving and then modifying Directory … | |||
| CVE-2015-1727 | high | — | 8.2 | 11y ago | Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Serve… | |||
| CVE-2015-1726 | high | — | 8.2 | 11y ago | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, … | |||
| CVE-2015-1725 | high | — | 8.2 | 11y ago | Buffer overflow in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Serve… | |||
| CVE-2015-1724 | high | — | 8.2 | 11y ago | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, … | |||
| CVE-2015-1723 | high | — | 8.2 | 11y ago | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, … | |||
| CVE-2015-1722 | high | — | 8.2 | 11y ago | Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, … | |||
| CVE-2015-1721 | high | — | 8.2 | 11y ago | The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2,… | |||
| CVE-2015-2219 | high | — | 8.2 | 11y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.06.0034 uses predictable security tokens, which allows local users to gain privileges by sending a valid token with a command to th… | |||
| CVE-2015-1318 | high | — | 8.2 | 11y ago | The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container). | |||
| CVE-2015-0179 | high | — | 8.2 | 11y ago | Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V. | |||
| CVE-2015-2285 | high | — | 8.2 | 11y ago | The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privile… | |||
| CVE-2015-1515 | high | — | 8.2 | 11y ago | The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x002… | |||
| CVE-2015-0058 | high | — | 8.2 | 12y ago | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted application… |