2015 CVEs

8779 CVEs published in 2015. 537 critical, 1003 high.

Top CVEs published in 2015
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2015-0565 | Critical | 10.0 | 2020-02-25 | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. |
| CVE-2015-9280 | Critical | 10.0 | 2019-01-16 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
| CVE-2015-2692 | Critical | 10.0 | 2017-06-08 | AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. |
| CVE-2015-8556 | Critical | 10.0 | 2017-03-24 | Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. |
| CVE-2015-8974 | Critical | 10.0 | 2017-01-31 | SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and My… |
| CVE-2015-7425 | Critical | 10.0 | 2016-02-21 | The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protec… |
| CVE-2015-8747 | Critical | 10.0 | 2016-02-03 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. |
| CVE-2015-8396 | Critical | 10.0 | 2016-01-12 | Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before… |
| CVE-2015-8659 | Critical | 10.0 | 2016-01-12 | The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. |
| CVE-2015-7541 | Critical | 10.0 | 2016-01-08 | The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to e… |
| CVE-2015-7426 | Critical | 10.0 | 2016-01-02 | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Vi… |
| CVE-2015-8459 | Critical | 10.0 | 2015-12-28 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Ado… |
| CVE-2015-7930 | Critical | 10.0 | 2015-12-24 | Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified ve… |
| CVE-2015-8267 | Critical | 10.0 | 2015-12-24 | The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote… |
| CVE-2015-7919 | Critical | 10.0 | 2015-12-21 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecifie… |
| CVE-2015-8104 | Critical | 10.0 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by… |
| CVE-2015-0987 | Critical | 10.0 | 2015-10-06 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remot… |
| CVE-2015-2079 | Critical | 9.9 | 2025-04-28 | Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form o… |
| CVE-2015-5951 | Critical | 9.9 | 2020-01-06 | A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web r… |
| CVE-2015-7411 | Critical | 9.9 | 2016-03-12 | The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileg… |