CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7367 | high | — | 7.5 | 11y ago | Revive Adserver before 3.2.2 allows remote attackers to perform unspecified actions by leveraging an unexpired session after the user has been (1) deleted or (2) unlinked. | |||
| CVE-2015-1304 | high | — | 7.5 | 11y ago | object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Orig… | |||
| CVE-2015-1303 | high | — | 7.5 | 11y ago | bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remot… | |||
| CVE-2015-7707 | high | — | 7.5 | 11y ago | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | |||
| CVE-2015-7392 | high | — | 7.5 | 11y ago | Heap-based buffer overflow in the parse_string function in libs/esl/src/esl_json.c in FreeSWITCH before 1.4.23 and 1.6.x before 1.6.2 allows remote attackers to execute arbitrary code via a trailing … | |||
| CVE-2015-5687 | high | — | 7.5 | 11y ago | system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie. | |||
| CVE-2015-5653 | high | — | 7.5 | 11y ago | Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet. | |||
| CVE-2015-2858 | high | — | 7.5 | 11y ago | Datalex airline booking software before 2015-09-03 allows remote attackers to read or write to arbitrary user data via a modified profileId parameter to (1) ValidateFormAction.do or (2) ProfileConfir… | |||
| CVE-2015-7236 | high | 7.5 | 7.5 | 11y ago | Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in rpcbind 0.2.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via crafted packets, involving a PMA… | |||
| CVE-2015-7319 | high | — | 7.5 | 11y ago | SQL injection vulnerability in cpabc_appointments_admin_int_calendar_list.inc.php in the Appointment Booking Calendar plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary SQ… | |||
| CVE-2015-7375 | high | — | 7.5 | 11y ago | Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code or cause a denial of service (unhandled runtime exception and application crash) via a crafted Indu… | |||
| CVE-2015-7374 | high | — | 7.5 | 11y ago | The Remote Agent component in Schneider Electric InduSoft Web Studio before 8.0 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-2649. | |||
| CVE-2015-7180 | high | — | 7.5 | 11y ago | The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value of a function call, which might allow remote attackers to ca… | |||
| CVE-2015-7179 | high | — | 7.5 | 11y ago | The VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, incorrectly allocates memory for shader… | |||
| CVE-2015-7178 | high | — | 7.5 | 11y ago | The ProgramBinary::linkAttributes function in libGLES in ANGLE, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 on Windows, mishandles shader access, which allows remote attac… | |||
| CVE-2015-7177 | high | — | 7.5 | 11y ago | The InitTextures function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possib… | |||
| CVE-2015-7176 | high | — | 7.5 | 11y ago | The AnimationThread function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf function, which might allow remote attackers to cause a denial of… | |||
| CVE-2015-7175 | high | — | 7.5 | 11y ago | The XULContentSinkImpl::AddText function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application c… | |||
| CVE-2015-7174 | high | — | 7.5 | 11y ago | The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application c… | |||
| CVE-2015-4522 | high | — | 7.5 | 11y ago | The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application… | |||
| CVE-2015-4521 | high | — | 7.5 | 11y ago | The ConvertDialogOptions function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) o… | |||
| CVE-2015-4517 | high | — | 7.5 | 11y ago | NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly have u… | |||
| CVE-2015-4509 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the HTMLVideoElement interface in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via crafted JavaScript… | |||
| CVE-2015-4501 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-4500 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2015-7309 | medium | — | 7.5 | 11y ago | The theme editor in Bolt before 2.2.5 does not check the file extension when renaming files, which allows remote authenticated users to execute arbitrary code by renaming a crafted file and then dire… | |||
| CVE-2015-5603 | medium | — | 7.5 | 11y ago | The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerab… | |||
| CVE-2015-6460 | high | — | 7.5 | 11y ago | Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway Server before 2.3.9.34 allow remote attackers to execute arbitrary code via opcode (1) 0x3ef or (2) 0x3f0. | |||
| CVE-2015-7239 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function module in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5874 | high | — | 7.5 | 11y ago | CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file. | |||
| CVE-2015-1173 | high | — | 7.5 | 11y ago | Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not properly restrict access to the (1) Design Mode and (2) Debug Logger mode modules, which allows remote attackers to gain privileges … | |||
| CVE-2015-6967 | medium | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in the My Image plugin in Nibbleblog before 4.0.5 allows remote administrators to execute arbitrary code by uploading a file with an executable extension, then … | |||
| CVE-2015-6829 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin before 2.0.1 for WordPress allow remote attackers to execute arbitrar… | |||
| CVE-2015-4499 | high | — | 7.5 | 11y ago | Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x before 4.4.10, and 5.x before 5.0.1 mishandles long e-mail addresses during account registration, which allows remote attackers to… | |||
| CVE-2015-6915 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 and earlier allows remote attackers to execute arbitrary SQL commands via the "user" cookie to plugins/feedback/pages/feedback.ph… | |||
| CVE-2015-6910 | high | — | 7.5 | 11y ago | SQL injection vulnerability in Synology Video Station before 1.5-0757 allows remote attackers to execute arbitrary SQL commands via the id parameter to audiotrack.cgi. | |||
| CVE-2015-6826 | high | — | 7.5 | 11y ago | The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg before 2.7.2 does not initialize certain structure members, which allows remote attackers to cause a denial of service (inv… | |||
| CVE-2015-6825 | high | — | 7.5 | 11y ago | The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg before 2.7.2 mishandles certain memory-allocation failures, which allows remote attackers to cause a denial of service (inval… | |||
| CVE-2015-6824 | high | — | 7.5 | 11y ago | The sws_init_context function in libswscale/utils.c in FFmpeg before 2.7.2 does not initialize certain pixbuf data structures, which allows remote attackers to cause a denial of service (segmentation… | |||
| CVE-2015-6823 | high | — | 7.5 | 11y ago | The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.7.2 does not initialize certain context data, which allows remote attackers to cause a denial of service (segmentation violation)… | |||
| CVE-2015-6822 | high | — | 7.5 | 11y ago | The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.7.2 does not properly maintain height and width values in the video context, which allows remote attackers to cause a denial of se… | |||
| CVE-2015-6821 | high | — | 7.5 | 11y ago | The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before 2.7.2 does not properly maintain the encoding context, which allows remote attackers to cause a denial of service (invalid p… | |||
| CVE-2015-6820 | high | — | 7.5 | 11y ago | The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.7.2 does not check for a matching AAC frame syntax element before proceeding with Spectral Band Replication calculations, which all… | |||
| CVE-2015-6819 | high | — | 7.5 | 11y ago | Multiple integer underflows in the ff_mjpeg_decode_frame function in libavcodec/mjpegdec.c in FFmpeg before 2.7.2 allow remote attackers to cause a denial of service (out-of-bounds array access) or p… | |||
| CVE-2015-6818 | high | — | 7.5 | 11y ago | The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.7.2 does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG image, which allows remote attackers to cause a … | |||
| CVE-2015-4538 | high | — | 7.5 | 11y ago | The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an extern… | |||
| CVE-2015-6581 | high | — | 7.5 | 11y ago | Double free vulnerability in the opj_j2k_copy_default_tcp_and_create_tcd function in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 45.0.2454.85, allows remote attackers to… | |||
| CVE-2015-6580 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, as used in Google Chrome before 45.0.2454.85, allow attackers to cause a denial of service or possibly have other impact via unkno… | |||
| CVE-2015-1301 | high | — | 7.5 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-1299 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the shared-timer implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecifi… | |||
| CVE-2015-1297 | high | — | 7.5 | 11y ago | The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the requ… | |||
| CVE-2015-1295 | high | — | 7.5 | 11y ago | Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attack… | |||
| CVE-2015-1294 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of servi… | |||
| CVE-2015-1293 | high | — | 7.5 | 11y ago | The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||
| CVE-2015-3308 | high | — | 7.5 | 11y ago | Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before 3.3.14 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted CRL distribution … | |||
| CVE-2015-6728 | high | — | 7.5 | 11y ago | The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 does not perform token comparison in constant time, which allows remote attackers to… | |||
| CVE-2015-6520 | high | — | 7.5 | 11y ago | IPPUSBXD before 1.22 listens on all interfaces, which allows remote attackers to obtain access to USB connected printers via a direct request. | |||
| CVE-2015-5698 | high | — | 7.5 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified… | |||
| CVE-2015-4555 | high | — | 7.5 | 11y ago | Buffer overflow in the HTTP administrative interface in TIBCO Rendezvous before 8.4.4, Rendezvous Network Server before 1.1.1, Substation ES before 2.9.0, and Messaging Appliance before 8.7.2 allows … | |||
| CVE-2015-4498 | high | — | 7.5 | 11y ago | The add-on installation feature in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to bypass an intended user-confirmation requirement by constructing a craft… | |||
| CVE-2015-5432 | high | — | 7.5 | 11y ago | HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or m… | |||
| CVE-2015-5429 | high | — | 7.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-… | |||
| CVE-2015-5428 | high | — | 7.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5427 and CVE-2015-… | |||
| CVE-2015-5427 | high | — | 7.5 | 11y ago | HP Matrix Operating Environment before 7.5.0 allows remote attackers to obtain sensitive information or modify data via unspecified vectors, a different vulnerability than CVE-2015-5428 and CVE-2015-… | |||
| CVE-2015-5404 | high | — | 7.5 | 11y ago | HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote attackers to obtain sensitive information or modify data via u… | |||
| CVE-2015-5409 | high | — | 7.5 | 11y ago | Buffer overflow in HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. | |||
| CVE-2015-5424 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2885. | |||
| CVE-2015-5423 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884. | |||
| CVE-2015-5422 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2883. | |||
| CVE-2015-5421 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2881. | |||
| CVE-2015-5420 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2880. | |||
| CVE-2015-5419 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2879. | |||
| CVE-2015-5418 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2877. | |||
| CVE-2015-5417 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2876. | |||
| CVE-2015-5416 | high | — | 7.5 | 11y ago | Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2875. | |||
| CVE-2015-6659 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the SQL comment filtering system in the Database API in Drupal 7.x before 7.39 allows remote attackers to execute arbitrary SQL commands via an SQL comment. | |||
| CVE-2015-6525 | high | — | 7.5 | 11y ago | Multiple integer overflows in the evbuffer API in Libevent 2.0.x before 2.0.22 and 2.1.x before 2.1.5-beta allow context-dependent attackers to cause a denial of service or possibly have other unspec… | |||
| CVE-2015-4535 | high | — | 7.5 | 11y ago | Java Method Server (JMS) in EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, 7.0 before P19, 7.1 before P16, and 7.2 before P02, when __debug_trace__ is configured, allows remote a… | |||
| CVE-2015-0536 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier, when client authentication and an ephemeral Diffie-Hellman ciphersuite are ena… | |||
| CVE-2015-0535 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier do not properly restrict TLS state transitions, which makes it easier for remot… | |||
| CVE-2015-0534 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-J before 6.2, RSA BSAFE SSL-J before 6.2, and RSA BSAFE SSL-C 2.8.9 and earlier do not enforce cert… | |||
| CVE-2015-0533 | high | 7.5 | 7.5 | 11y ago | EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3 and RSA BSAFE SSL-C 2.8.9 and earlier allow remote SSL servers to conduct ECDHE-to-ECDH downgrade attacks and trigger… | |||
| CVE-2015-5504 | high | — | 7.5 | 11y ago | SQL injection vulnerability in the Novalnet Payment Module Ubercart module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2015-5502 | high | — | 7.5 | 11y ago | The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not properly restrict access to Storage API fields attached to entities that are not nodes, which allows remote attackers to have unspeci… | |||
| CVE-2015-5501 | high | — | 7.5 | 11y ago | The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x before 7.x-3.0-beta2 for Drupal allows remote attackers to execute arbitrary PHP code via a crafted file in the directory used to writ… | |||
| CVE-2015-4426 | high | — | 7.5 | 11y ago | SQL injection vulnerability in pimcore before build 3473 allows remote attackers to execute arbitrary SQL commands via the filter parameter to admin/asset/grid-proxy. | |||
| CVE-2015-6516 | medium | — | 7.5 | 11y ago | SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php. | |||
| CVE-2015-6513 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in the J2Store (com_j2store) extension before 3.1.7 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) sortby or (2) manufacturer_… | |||
| CVE-2015-5681 | high | — | 7.5 | 11y ago | Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extensi… | |||
| CVE-2015-5599 | high | — | 7.5 | 11y ago | Multiple SQL injection vulnerabilities in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) albumid or (2) name paramet… | |||
| CVE-2015-5779 | high | — | 7.5 | 11y ago | QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulne… | |||
| CVE-2015-5776 | high | — | 7.5 | 11y ago | Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by leveraging use of… | |||
| CVE-2015-5775 | high | — | 7.5 | 11y ago | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon… | |||
| CVE-2015-5750 | high | — | 7.5 | 11y ago | Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted series of Unicode ch… | |||
| CVE-2015-3804 | high | — | 7.5 | 11y ago | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon… | |||
| CVE-2015-3797 | high | — | 7.5 | 11y ago | The TRE library in Libc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows context-dependent attackers to execute arbitrary code or cause a denial of service (memory corruption and application … | |||
| CVE-2015-3773 | high | — | 7.5 | 11y ago | The SMB client in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors. | |||
| CVE-2015-4492 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a Sh… | |||
| CVE-2015-4489 | high | — | 7.5 | 11y ago | The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possib… | |||
| CVE-2015-4488 | high | — | 7.5 | 11y ago | Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified im… |