2015 CVEs
8779 CVEs published in 2015. 537 critical, 1003 high. Browse by vendor, severity, or with PoCs.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2015-0565 | Critical | 10.0 | 2020-02-25 | NaCl in 2015 allowed the CLFLUSH instruction, making rowhammer attacks possible. |
CVE-2015-9280 | Critical | 10.0 | 2019-01-16 | MailEnable before 8.60 allows XXE via an XML document in the request.aspx Options parameter. |
CVE-2015-2692 | Critical | 10.0 | 2017-06-08 | AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. |
CVE-2015-8556 | Critical | 10.0 | 2017-03-24 | Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. |
CVE-2015-8974 | Critical | 10.0 | 2017-01-31 | SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and My… |
CVE-2015-7425 | Critical | 10.0 | 2016-02-21 | The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protec… |
CVE-2015-8747 | Critical | 10.0 | 2016-02-03 | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. |
CVE-2015-8396 | Critical | 10.0 | 2016-01-12 | Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before… |
CVE-2015-8659 | Critical | 10.0 | 2016-01-12 | The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. |
CVE-2015-7541 | Critical | 10.0 | 2016-01-08 | The initialize method in the Histogram class in lib/colorscore/histogram.rb in the colorscore gem before 0.0.5 for Ruby allows context-dependent attackers to e… |
CVE-2015-7426 | Critical | 10.0 | 2016-01-02 | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Vi… |
CVE-2015-8459 | Critical | 10.0 | 2015-12-28 | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Ado… |
CVE-2015-7930 | Critical | 10.0 | 2015-12-24 | Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified ve… |
CVE-2015-8267 | Critical | 10.0 | 2015-12-24 | The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote… |
CVE-2015-7919 | Critical | 10.0 | 2015-12-21 | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecifie… |
CVE-2015-8104 | Critical | 10.0 | 2015-11-16 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by… |
CVE-2015-0987 | Critical | 10.0 | 2015-10-06 | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remot… |
CVE-2015-2079 | Critical | 9.9 | 2025-04-28 | Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form o… |
CVE-2015-5951 | Critical | 9.9 | 2020-01-06 | A file upload issue exists in the specid parameter in Thomson Reuters FATCH before 5.2, which allows malicious users to upload arbitrary PHP files to the web r… |
CVE-2015-7411 | Critical | 9.9 | 2016-03-12 | The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 through FP5, and 6.3.0 through FP6 allows remote authenticated users to gain privileg… |