CVEs from 2015
Total
7,313
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
17.9%
% with KEV
0.6%
% with exploit
0.8%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2015-0145 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to hijack … | |
| CVE-2015-6309 | medium | — | 6.8 | 11y ago | Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows remote authenticated users to cause a denial of service (file-descriptor consumption and device reload) via crafted HTTP requests, … | |
| CVE-2015-7612 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Organizations page in Enterprise Manager in McAfee Vulnerability Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the… | |
| CVE-2015-3845 | medium | — | 6.8 | 11y ago | The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in Android before 5.1.1 LMY48M does not consider parcel boundaries during identification of binder objects in an append operation, … | |
| CVE-2015-3844 | medium | — | 6.8 | 11y ago | The getProcessRecordLocked method in services/core/java/com/android/server/am/ActivityManagerService.java in ActivityManager in Android before 5.1.1 LMY48I allows attackers to trigger incorrect proce… | |
| CVE-2015-7337 | medium | — | 6.8 | 11y ago | The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to execute arbitrary JavaScript code via a crafted file, which triggers a redirect to files… | |
| CVE-2015-5075 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM before 5.2 allows remote attackers to hijack the authentication of administrators for requests that create an administrative account … | |
| CVE-2015-5400 | medium | — | 6.8 | 11y ago | Squid before 3.5.6 does not properly handle CONNECT method peer responses when configured with cache_peer, which allows remote attackers to bypass intended restrictions and gain access to a backend p… | |
| CVE-2015-1781 | medium | — | 6.8 | 11y ago | Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash… | |
| CVE-2015-6928 | medium | — | 6.8 | 11y ago | classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x before 6.0.7 does not properly validate that a password reset request was made, which allows remote attackers to change the administr… | |
| CVE-2015-6007 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Web Reference Database (aka refbase) through 0.9.6 allows remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-6468 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Resource Data Management Data Manager before 2.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | |
| CVE-2015-6304 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence Server software 3.0(2.24) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCut63718, CSCut6… | |
| CVE-2015-4511 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the nestegg_track_codec_data function in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allows remote attackers to execute arbitrary code via a crafted hea… | |
| CVE-2015-4510 | medium | — | 6.8 | 11y ago | Race condition in the WorkerPrivate::NotifyFeatures function in Mozilla Firefox before 41.0 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free and applicat… | |
| CVE-2015-4506 | medium | — | 6.8 | 11y ago | Buffer overflow in the vp9_init_context_buffers function in libvpx, as used in Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3, allows remote attackers to execute arbitrary code via a cr… | |
| CVE-2015-5991 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 … | |
| CVE-2015-2916 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 and Almond-2015 devices with firmware before AL2-R088M allows remote attackers t… | |
| CVE-2015-5689 | medium | — | 6.8 | 11y ago | ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions Suite (GSS) before 3.0 HF2 12.0.0.8010 and Symantec Deployment Solution (DS) before 7.6 HF4 12.0.0.7045 performs improper sign-exten… | |
| CVE-2015-5637 | medium | — | 6.8 | 11y ago | The Newphoria Photon application before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |
| CVE-2015-5636 | medium | — | 6.8 | 11y ago | The Newphoria Reversi application before 1.0.3 for Android and before 1.2 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |
| CVE-2015-5635 | medium | — | 6.8 | 11y ago | The Newphoria Koritore application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |
| CVE-2015-5634 | medium | — | 6.8 | 11y ago | The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |
| CVE-2015-5633 | medium | — | 6.8 | 11y ago | The Newphoria Auction Camera application for iOS and before 1.2 for Android allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors. | |
| CVE-2015-5632 | medium | — | 6.8 | 11y ago | The runtime engine in the Newphoria applican framework before 1.12.3 for Android and before 1.12.2 for iOS allows attackers to bypass a whitelist.xml URL whitelist protection mechanism and obtain API… | |
| CVE-2015-5829 | medium | — | 6.8 | 11y ago | Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file. | |
| CVE-2015-5823 | medium | — | 6.8 | 11y ago | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash… | |
| CVE-2015-5822 | medium | — | 6.8 | 11y ago | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash… | |
| CVE-2015-5821 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5819 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5818 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5817 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5816 | medium | — | 6.8 | 11y ago | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash… | |
| CVE-2015-5815 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |
| CVE-2015-5814 | medium | — | 6.8 | 11y ago | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash… | |
| CVE-2015-5813 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5812 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5811 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5810 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5809 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5808 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |
| CVE-2015-5807 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5806 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5805 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5804 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5803 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5802 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5801 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5800 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5799 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5798 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to… | |
| CVE-2015-5797 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5796 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5795 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5794 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5793 | medium | — | 6.8 | 11y ago | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash… | |
| CVE-2015-5792 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5791 | medium | — | 6.8 | 11y ago | WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash… | |
| CVE-2015-5790 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-5789 | medium | — | 6.8 | 11y ago | WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted we… | |
| CVE-2015-6966 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in Nibbleblog before 4.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) create a post via a n… | |
| CVE-2015-6965 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators f… | |
| CVE-2015-6828 | medium | — | 6.8 | 11y ago | The tweet_info function in class/__functions.php in the SecureMoz Security Audit plugin 1.0.5 and earlier for WordPress does not use an HTTPS session for downloading serialized data, which allows man… | |
| CVE-2015-6948 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in the Microsoft Word document conversion feature in Corel WordPerfect allows remote attackers to execute arbitrary code via a crafted document. | |
| CVE-2015-6944 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to hijack the authentication of users for requests that execute arbitrary SQL commands via the… | |
| CVE-2015-5629 | medium | — | 6.8 | 11y ago | The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows attackers to bypass a URL whitelist protection mechanism and obtai… | |
| CVE-2015-6465 | medium | — | 6.8 | 11y ago | The GoAhead web server on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote authenticated users to cause a denial of service (reboot) via a crafted URL. | |
| CVE-2015-5631 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Remote UI on Canon PIXMA MG7500 printers allows remote attackers to hijack the authentication of administrators. | |
| CVE-2015-6827 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php. | |
| CVE-2015-5624 | medium | — | 6.8 | 11y ago | Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELPhoneBtnV6 ActiveX control allows remote attackers to execute arbitrary code via a crafted HTML document, related to the discontin… | |
| CVE-2015-2991 | medium | — | 6.8 | 11y ago | Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data. | |
| CVE-2015-6582 | medium | — | 6.8 | 11y ago | The decompose function in platform/transforms/TransformationMatrix.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not verify that a matrix inversion succeeded, which allows remote a… | |
| CVE-2015-6545 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account … | |
| CVE-2015-6655 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin… | |
| CVE-2015-5411 | medium | — | 6.8 | 11y ago | HP Version Control Repository Manager (VCRM) before 7.5.0 allows remote authenticated users to obtain sensitive information via unspecified vectors. | |
| CVE-2015-5949 | medium | — | 6.8 | 11y ago | VideoLAN VLC media player 2.2.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP file, which triggers the freeing of arbitrary pointe… | |
| CVE-2015-5161 | medium | — | 6.8 | 11y ago | ZendXml and Zend Framework contain XXE and XEE Vulnerabilities | |
| CVE-2015-6262 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in Cisco Prime Infrastructure 1.2(0.103) and 2.0(0.0) allows remote attackers to hijack the authentication of arbitrary users, aka Bug IDs CSCum49054 a… | |
| CVE-2015-5786 | medium | — | 6.8 | 11y ago | Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability tha… | |
| CVE-2015-5785 | medium | — | 6.8 | 11y ago | Apple QuickTime before 7.7.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted file, a different vulnerability tha… | |
| CVE-2015-6664 | medium | — | 6.8 | 11y ago | XML external entity (XXE) vulnerability in the application import functionality in SAP Mobile Platform 2.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact v… | |
| CVE-2015-6662 | medium | — | 6.8 | 11y ago | XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data, aka SAP Security N… | |
| CVE-2015-6660 | medium | — | 6.8 | 11y ago | The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not properly validate the form token, which allows remote attackers to conduct CSRF attacks that upload files in a different user's acc… | |
| CVE-2015-2905 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN modems with firmware before NCS01-1.0.13 allows remote attackers to hijack the authentication or intranet connectivity of arbitrar… | |
| CVE-2015-2983 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentica… | |
| CVE-2015-4530 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in EMC Documentum WebTop before 6.8P01, Documentum Administrator through 7.2, Documentum Digital Assets Manager through 6.5SP6, Documentum Web Publishe… | |
| CVE-2015-0542 | medium | — | 6.8 | 11y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA Archer GRC 5.5 SP1 before P3 allow remote attackers to hijack the authentication of arbitrary users. | |
| CVE-2015-6523 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in the Portfolio plugin before 1.05 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspeci… | |
| CVE-2015-4308 | medium | — | 6.8 | 11y ago | The webGUI configuration-export feature in Cisco Edge Bluebird Operating System 1.2 on Edge 340 devices allows remote authenticated users to obtain sensitive information via unspecified vectors, aka … | |
| CVE-2015-4301 | medium | — | 6.8 | 11y ago | Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated users to cause a denial of service (device hang) via large files that are copied to a device's filesystem, aka Bug ID CSCuu77225. | |
| CVE-2015-6517 | medium | — | 6.8 | 11y ago | Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 allows remote attackers to hijack the authentication of users for requests that drop database tables via the droptable parameter to… | |
| CVE-2015-5505 | medium | — | 6.8 | 11y ago | The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the "include subdomains" directive, which causes the HSTS pol… | |
| CVE-2015-5778 | medium | — | 6.8 | 11y ago | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | |
| CVE-2015-5777 | medium | — | 6.8 | 11y ago | CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | |
| CVE-2015-5773 | medium | — | 6.8 | 11y ago | QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted offi… | |
| CVE-2015-5772 | medium | — | 6.8 | 11y ago | Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code via a crafted Collada file. | |
| CVE-2015-5771 | medium | — | 6.8 | 11y ago | Quartz Composer Framework in Apple OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted QuickTime… | |
| CVE-2015-5761 | medium | — | 6.8 | 11y ago | CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted font … | |
| CVE-2015-5758 | medium | — | 6.8 | 11y ago | ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF i… | |
| CVE-2015-5756 | medium | — | 6.8 | 11y ago | FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted fon… |