CVEs from 2015
Total
7,267
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
2.2%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6325 | high | — | 7.1 | 11y ago | Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before 8.2(5.58), 8.3 and 8.4 before 8.4(7.29), 8.5 through 8.7 before 8.7(1.17), 9.0 before 9.0(4.37), 9.1 before 9.1(6.4), 9.2 before 9.… | |||
| CVE-2015-6324 | high | — | 7.1 | 11y ago | The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) software 9.0 before 9.0(4.37), 9.1 before 9.1(6.6), 9.2 before 9.2(4), 9.3 before 9.3(3.5), and 9.4 before 9.4(2) allows rem… | |||
| CVE-2015-6994 | high | — | 7.1 | 11y ago | The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles reuse of virtual memory, which allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2015-7004 | high | — | 7.1 | 11y ago | The kernel in Apple iOS before 9.1 allows attackers to cause a denial of service via a crafted app. | |||
| CVE-2015-5900 | high | — | 7.1 | 11y ago | The protected range register in the EFI component in Apple OS X before 10.11 has an incorrect value, which allows attackers to cause a denial of service (boot failure) via a crafted app that writes t… | |||
| CVE-2015-5986 | high | — | 7.1 | 11y ago | openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x before 9.10.2-P4 allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted D… | |||
| CVE-2015-5769 | high | — | 7.1 | 11y ago | The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video. | |||
| CVE-2015-0681 | high | — | 7.1 | 11y ago | The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS,… | |||
| CVE-2015-2593 | high | — | 7.1 | 11y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors rel… | |||
| CVE-2015-1762 | high | — | 7.1 | 11y ago | Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 and SP2, and 2014, when transactional replication is configured, does not prevent use of uninitialized memory in unspecified funct… | |||
| CVE-2015-5359 | high | — | 7.1 | 11y ago | Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D10, 13.2 before 13.2R7, 13.3 before 13.3R5, 14.1R3 bef… | |||
| CVE-2015-5358 | high | — | 7.1 | 11y ago | Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R9, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R7, 13.2X51 before 13.2X51-D35, 13… | |||
| CVE-2015-4226 | high | — | 7.1 | 11y ago | The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending ma… | |||
| CVE-2015-4199 | high | — | 7.1 | 11y ago | Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in the Performance Routing Engine (PRE) module on UBR devices allows remote attackers to cause a denial of service (NULL pointer fr… | |||
| CVE-2015-0772 | high | — | 7.1 | 11y ago | Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in … | |||
| CVE-2015-2578 | high | — | 7.1 | 11y ago | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. | |||
| CVE-2015-2942 | high | — | 7.1 | 11y ago | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of nested… | |||
| CVE-2015-2937 | high | — | 7.1 | 11y ago | MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2, when using HHVM or Zend PHP, allows remote attackers to cause a denial of service ("quadratic blowup" and memory consumption) v… | |||
| CVE-2015-2936 | high | — | 7.1 | 11y ago | MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password hashing, allows remote attackers to cause a denial of service (CPU consumption) via a long password. | |||
| CVE-2015-0676 | high | — | 7.1 | 11y ago | The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6… | |||
| CVE-2015-1102 | high | — | 7.1 | 11y ago | The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and Apple TV before 7.2 does not properly handle TCP headers, which allows man-in-the-middle attackers to cause a denial of service via … | |||
| CVE-2015-0688 | high | — | 7.1 | 11y ago | Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services Processor (ESP) module, when NAT is enabled, allows remote attackers to cause a denial of service (module crash) via malformed H.3… | |||
| CVE-2015-0616 | high | — | 7.1 | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allow… | |||
| CVE-2015-0615 | high | — | 7.1 | 11y ago | The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows… | |||
| CVE-2015-0614 | high | — | 7.1 | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integ… | |||
| CVE-2015-0613 | high | — | 7.1 | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integ… | |||
| CVE-2015-0612 | high | — | 7.1 | 11y ago | The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allow… | |||
| CVE-2015-2751 | high | — | 7.1 | 11y ago | Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, allows remote domains with partial management control to cause a denial of service (host lock) via unspecified domctl operations. | |||
| CVE-2015-0638 | high | — | 7.1 | 11y ago | Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is configured, allows remote attackers to cause a denial of service (interface queue wedge) via crafted ICMPv4 packets, aka Bug ID CSC… | |||
| CVE-2015-0654 | high | — | 7.1 | 11y ago | Race condition in the TLS implementation in MainApp in the management interface in Cisco Intrusion Prevention System (IPS) Software before 7.3(3)E4 allows remote attackers to cause a denial of servic… | |||
| CVE-2015-0887 | high | — | 7.1 | 11y ago | npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji routers 1.00 through 3.30, SEIL/X1 routers 3.50 through 4.70, SEIL/X2 routers 3.50 through 4.70, and SEIL/B1 routers 3.50 through 4.… | |||
| CVE-2015-0631 | high | — | 7.1 | 11y ago | Race condition in the SSL implementation on Cisco Intrusion Prevention System (IPS) devices allows remote attackers to cause a denial of service by making many management-interface HTTPS connections … | |||
| CVE-2015-0618 | high | — | 7.1 | 11y ago | Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 devices and 5.1.3 and 5.1.4 on Carrier Routing System X (CRS-X) devices allows remote attackers to cause a denial of service (lin… | |||
| CVE-2015-0622 | high | — | 7.1 | 11y ago | The Wireless Intrusion Detection (aka WIDS) functionality on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device outage) via crafted packets that … | |||
| CVE-2015-0609 | high | — | 7.1 | 11y ago | Race condition in the Common Classification Engine (CCE) in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to ca… | |||
| CVE-2015-0593 | high | — | 7.1 | 11y ago | The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reloa… | |||
| CVE-2015-0608 | high | — | 7.1 | 12y ago | Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) vi… | |||
| CVE-2015-1454 | high | — | 7.1 | 12y ago | Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof… | |||
| CVE-2015-4422 | high | 7.0 | 7.0 | 9y ago | The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before V100R001CHNC00B126SP03 allows local users with root permissions to gain privileges or cause a denial of service (memory corruption) v… | |||
| CVE-2015-8239 | high | 7.0 | 7.0 | 9y ago | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | |||
| CVE-2015-0162 | high | 7.0 | 7.0 | 9y ago | IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local users to gain privileges. | |||
| CVE-2015-4685 | high | 7.0 | 7.0 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo m… | |||
| CVE-2015-3222 | high | 7.0 | 7.0 | 9y ago | syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root. | |||
| CVE-2015-1325 | high | 7.0 | 7.0 | 9y ago | Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before 2.14.70ubuntu8.5 as packaged in Ubuntu 14.10, before 2.14.1-0ubuntu3.11 as packaged in Ubuntu 14.04 LTS, and befo… | |||
| CVE-2015-0576 | high | 7.0 | 7.0 | 9y ago | In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. | |||
| CVE-2015-7891 | high | 7.0 | 7.0 | 9y ago | Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging def… | |||
| CVE-2015-7543 | high | 7.0 | 7.0 | 9y ago | aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create temporary directories, which allows local users to hijack the IPC by pre-creating the temporary directory. | |||
| CVE-2015-9022 | high | 7.0 | 7.0 | 9y ago | In all Android releases from CAF using the Linux kernel, time-of-check Time-of-use (TOCTOU) Race Conditions exist in several TZ APIs. | |||
| CVE-2015-8997 | high | 7.0 | 7.0 | 9y ago | In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-8996 | high | 7.0 | 7.0 | 9y ago | In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. | |||
| CVE-2015-8109 | high | 7.0 | 7.0 | 9y ago | Lenovo System Update (formerly ThinkVantage System Update) before 5.07.0019 allows local users to gain privileges by making a prediction of tvsu_tmp_xxxxxXXXXX account credentials that requires knowl… | |||
| CVE-2015-8993 | high | 7.0 | 7.0 | 9y ago | Malicious file execution vulnerability in Intel Security CloudAV (Beta) before 0.5.0.151.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifically crafted m… | |||
| CVE-2015-8992 | high | 7.0 | 7.0 | 9y ago | Malicious file execution vulnerability in Intel Security WebAdvisor before 4.0.2, 4.0.1 and 3.7.2 allows attackers to make the product momentarily vulnerable via executing preexisting specifically cr… | |||
| CVE-2015-8991 | high | 7.0 | 7.0 | 9y ago | Malicious file execution vulnerability in Intel Security McAfee Security Scan+ (MSS+) before 3.11.266.3 allows attackers to make the product momentarily vulnerable via executing preexisting specifica… | |||
| CVE-2015-8963 | high | 7.0 | 7.0 | 10y ago | Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an sweven… | |||
| CVE-2015-0572 | high | 7.0 | 7.0 | 10y ago | Multiple race conditions in drivers/char/adsprpc.c and drivers/char/adsprpc_compat.c in the ADSPRPC driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions… | |||
| CVE-2015-8709 | high | 7.0 | 7.0 | 10y ago | kernel/ptrace.c in the Linux kernel through 4.4.1 mishandles uid and gid mappings, which allows local users to gain privileges by establishing a user namespace, waiting for a root process to enter th… | |||
| CVE-2015-8705 | high | 7.0 | 7.0 | 11y ago | buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash)… | |||
| CVE-2015-7442 | high | 7.0 | 7.0 | 11y ago | consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x before 1.8.4 and Packaging Utility before 1.7.4.4 and 1.8.x before 1.8.4 allows local users to gain privileges via a Trojan horse p… | |||
| CVE-2015-8543 | high | 7.0 | 7.0 | 11y ago | The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol identifiers for certain protocol families, which allows local users … | |||
| CVE-2015-5649 | high | — | 7.0 | 11y ago | Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles authentication requests, which allows remote authenticated users to conduct LDAP injection attacks, and consequently bypass intended l… | |||
| CVE-2015-6564 | high | 7.0 | 7.0 | 11y ago | Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in OpenSSH before 7.0 on non-OpenBSD platforms might allow local users to gain privileges by leveraging contro… | |||
| CVE-2015-0461 | high | — | 7.0 | 11y ago | Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknow… | |||
| CVE-2015-6973 | high | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a pass… | |||
| CVE-2015-7707 | high | — | 6.5 | 11y ago | Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp. | |||
| CVE-2015-6972 | high | — | 4.3 | 11y ago | Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/cli… | |||
| CVE-2015-7755 | unknown | — | 2.5 | 8mo ago | Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | |||
| CVE-2015-4495 | unknown | — | 2.5 | 4y ago | Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | |||
| CVE-2015-0016 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | |||
| CVE-2015-1427 | unknown | — | 2.5 | 4y ago | The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | |||
| CVE-2015-3113 | unknown | — | 2.5 | 4y ago | Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0311 | unknown | — | 2.5 | 4y ago | Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-0313 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | |||
| CVE-2015-5122 | unknown | — | 2.5 | 4y ago | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-2426 | unknown | — | 2.5 | 4y ago | A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | |||
| CVE-2015-3035 | unknown | — | 2.5 | 4y ago | Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | |||
| CVE-2015-1187 | unknown | — | 2.5 | 4y ago | The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. | |||
| CVE-2015-5119 | unknown | — | 2.5 | 4y ago | A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-3043 | unknown | — | 2.5 | 4y ago | A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | |||
| CVE-2015-1701 | unknown | — | 2.5 | 4y ago | An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | |||
| CVE-2015-1635 | unknown | — | 2.5 | 4y ago | Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | |||
| CVE-2015-1130 | unknown | — | 2.5 | 4y ago | The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | |||
| CVE-2015-2051 | unknown | — | 2.5 | 4y ago | D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | |||
| CVE-2015-7450 | unknown | — | 2.5 | 4y ago | Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | |||
| CVE-2015-4852 | unknown | — | 2.5 | 5y ago | Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution. | |||
| CVE-2015-2291 | unknown | — | 1.5 | 3y ago | Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | |||
| CVE-2015-1769 | unknown | — | 1.5 | 4y ago | A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | |||
| CVE-2015-2360 | unknown | — | 1.5 | 4y ago | Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS). | |||
| CVE-2015-0071 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. | |||
| CVE-2015-6175 | unknown | — | 1.5 | 4y ago | The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. | |||
| CVE-2015-8651 | unknown | — | 1.5 | 4y ago | Integer overflow in Adobe Flash Player allows attackers to execute code. | |||
| CVE-2015-1671 | unknown | — | 1.5 | 4y ago | A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. | |||
| CVE-2015-0310 | unknown | — | 1.5 | 4y ago | Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. | |||
| CVE-2015-2425 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | |||
| CVE-2015-5317 | unknown | — | 1.5 | 4y ago | Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the "Fingerprints" pages. | |||
| CVE-2015-2502 | unknown | — | 1.5 | 4y ago | Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-5123 | unknown | — | 1.5 | 4y ago | Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | |||
| CVE-2015-1770 | unknown | — | 1.5 | 4y ago | Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | |||
| CVE-2015-2419 | unknown | — | 1.5 | 4y ago | JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | |||
| CVE-2015-0666 | unknown | — | 1.5 | 4y ago | Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. |