CVEs from 2015
Total
7,266
critical
critical 1,306
high
high 1,666
medium
medium 3,617
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-6412 | critical | 9.8 | 9.8 | 11y ago | Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug … | |||
| CVE-2015-6323 | critical | 9.8 | 9.8 | 11y ago | The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 before patch 17, 1.2.1 before patch 8, 1.3 before patch 5, and 1.4 before patch 4 allows remote attackers to obtain administrativ… | |||
| CVE-2015-6314 | critical | 9.8 | 9.8 | 11y ago | Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bu… | |||
| CVE-2015-8611 | critical | 9.8 | 9.8 | 11y ago | BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and PEM 12.0.0 before HF1 on the 2000, 4000, 5000, 7000, and 10000 platforms do not properly sync passwords with the Always-On Managem… | |||
| CVE-2015-8098 | critical | 9.8 | 9.8 | 11y ago | F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and 11.6.0 before 11.6.0 HF4 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors relate… | |||
| CVE-2015-7938 | critical | 9.8 | 9.8 | 11y ago | Advantech EKI-132x devices with firmware before 2015-12-31 allow remote attackers to bypass authentication via unspecified vectors. | |||
| CVE-2015-8668 | critical | 9.8 | 9.8 | 11y ago | Heap-based buffer overflow in the PackBitsPreEncode function in tif_packbits.c in bmp2tiff in libtiff 4.0.6 and earlier allows remote attackers to execute arbitrary code or cause a denial of service … | |||
| CVE-2015-7554 | critical | 9.8 | 9.8 | 11y ago | The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows attackers to cause a denial of service (invalid memory write and crash) or possibly have unspecified other impact via crafted field da… | |||
| CVE-2015-5254 | critical | 9.8 | 9.8 | 11y ago | Improper Input Validation in Apache ActiveMQ | |||
| CVE-2015-6642 | critical | 9.8 | 9.8 | 11y ago | The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors,… | |||
| CVE-2015-6636 | critical | 9.8 | 9.8 | 11y ago | mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, a… | |||
| CVE-2015-5989 | critical | 9.8 | 9.8 | 11y ago | Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStat… | |||
| CVE-2015-5988 | critical | 9.8 | 9.8 | 11y ago | The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. | |||
| CVE-2015-7280 | critical | 9.8 | 9.8 | 11y ago | The web administration interface on ReadyNet WRT300N-DD devices with firmware 1.0.26 has a default password of admin for the admin account, which allows remote attackers to obtain administrative priv… | |||
| CVE-2015-7277 | critical | 9.8 | 9.8 | 11y ago | The web administration interface on Amped Wireless R10000 devices with firmware 2.5.2.11 has a default password of admin for the admin account, which allows remote attackers to obtain administrative … | |||
| CVE-2015-6016 | critical | 9.8 | 9.8 | 11y ago | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with firmware 1.00AANC0b5, and NBG-418N devices have a default password of 1234 for the admin account, which allows re… | |||
| CVE-2015-2874 | critical | 9.8 | 9.8 | 11y ago | Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate Wireless Plus Mobile Storage, and LaCie FUEL devices with firmware before 3.4.1.105 have a default password of root for the root acc… | |||
| CVE-2015-7792 | critical | 9.8 | 9.8 | 11y ago | Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. | |||
| CVE-2015-6538 | critical | 9.8 | 9.8 | 11y ago | The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles authentication requests, which allows remote attackers to conduct LDAP injection attacks, and consequently bypass intended access… | |||
| CVE-2015-6537 | critical | 9.8 | 9.8 | 11y ago | SQL injection vulnerability in the login page in Epiphany Cardio Server 3.3 allows remote attackers to execute arbitrary SQL commands via a crafted URL. | |||
| CVE-2015-6792 | critical | 9.8 | 9.8 | 11y ago | The MIDI subsystem in Google Chrome before 47.0.2526.106 does not properly handle the sending of data, which allows remote attackers to execute arbitrary code or cause a denial of service (applicatio… | |||
| CVE-2015-8969 | critical | 9.8 | 9.8 | 11y ago | Git-fastclone passes user modifiable strings directly to a shell command | |||
| CVE-2015-6764 | critical | 9.8 | 9.8 | 11y ago | The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which al… | |||
| CVE-2015-8394 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via … | |||
| CVE-2015-8391 | critical | 9.8 | 9.8 | 11y ago | The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecifie… | |||
| CVE-2015-8390 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the [: and \\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other im… | |||
| CVE-2015-8389 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact… | |||
| CVE-2015-8386 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have … | |||
| CVE-2015-8383 | critical | 9.8 | 9.8 | 11y ago | PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted r… | |||
| CVE-2015-7182 | critical | 9.8 | 9.8 | 11y ago | Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network Security Services (NSS) before 3.19.2.1 and 3.20.x before 3.20.1, as used in Firefox before 42.0 and Firefox ESR 38.x before 38.4 an… | |||
| CVE-2015-0537 | critical | 9.8 | 9.8 | 11y ago | Integer underflow in the base64-decoding implementation in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x before 4.1.3, RSA BSAFE Crypto-C Micro Edition (Crypto-C ME) before 4.0… | |||
| CVE-2015-3253 | critical | 9.8 | 9.8 | 11y ago | Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy | |||
| CVE-2015-1276 | critical | 9.8 | 9.8 | 11y ago | Use-after-free vulnerability in content/browser/indexed_db/indexed_db_backing_store.cc in the IndexedDB implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial o… | |||
| CVE-2015-8857 | critical | 9.8 | 9.8 | 11y ago | The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possi… | |||
| CVE-2015-0192 | critical | 9.8 | 9.8 | 11y ago | Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0 before SR16 FP10 allows remote attackers to gain privileges via… | |||
| CVE-2015-1820 | critical | 9.8 | 9.8 | 11y ago | REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a respon… | |||
| CVE-2015-8214 | critical | — | 9.7 | 11y ago | A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All versions), SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All versions < V3.0.44), SIMATIC NET CP 343-… | |||
| CVE-2015-5211 | critical | 9.6 | 9.6 | 9y ago | Files or Directories Accessible to External Parties in org.springframework:spring-core | |||
| CVE-2015-8866 | critical | 9.6 | 9.6 | 10y ago | ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when PHP-FPM is used, does not isolate each thread from libxml_disable_entity_loader changes in other threads, which allows remote att… | |||
| CVE-2015-8789 | critical | 9.6 | 9.6 | 11y ago | Use-after-free vulnerability in the EbmlMaster::Read function in libEBML before 1.3.3 allows context-dependent attackers to have unspecified impact via a "deeply nested element with infinite size" fo… | |||
| CVE-2015-7939 | critical | 9.6 | 9.6 | 11y ago | Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before 9.8.09 allows remote attackers to execute arbitrary code via a long vlp filename. | |||
| CVE-2015-8751 | critical | — | 9.5 | — | multiple issues in jasper | |||
| CVE-2015-6259 | critical | — | 9.4 | 11y ago | The JavaServer Pages (JSP) component in Cisco Integrated Management Controller (IMC) Supervisor before 1.0.0.1 and UCS Director (formerly Cloupia Unified Infrastructure Controller) before 5.2.0.1 all… | |||
| CVE-2015-7908 | critical | — | 9.3 | 11y ago | Honeywell Midas gas detectors before 1.13b3 and Midas Black gas detectors before 2.13b3 allow remote attackers to discover cleartext passwords by sniffing the network. | |||
| CVE-2015-6789 | critical | — | 9.3 | 11y ago | Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have un… | |||
| CVE-2015-7111 | critical | — | 9.3 | 11y ago | The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of servi… | |||
| CVE-2015-7109 | critical | — | 9.3 | 11y ago | IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted … | |||
| CVE-2015-7079 | critical | — | 9.3 | 11y ago | dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2015-7072 | critical | — | 9.3 | 11y ago | dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 mishandles segment validation, which allows attackers to execute arbitrary code in a privileged context via a crafted app. | |||
| CVE-2015-7070 | critical | — | 9.3 | 11y ago | Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability… | |||
| CVE-2015-7069 | critical | — | 9.3 | 11y ago | Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows attackers to execute arbitrary code in a privileged context via an app that provides a crafted pathname, a different vulnerability… | |||
| CVE-2015-7055 | critical | — | 9.3 | 11y ago | AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 does not prevent changes to access-control structures, which allows attackers to execute arbitrary code in a privileged context vi… | |||
| CVE-2015-7051 | critical | — | 9.3 | 11y ago | MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 mishandles the timing of trust-cache loading, which allows attackers to execute arbitrary code in a privileged context via a crafted a… | |||
| CVE-2015-8456 | critical | — | 9.3 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8450 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8449 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |||
| CVE-2015-8448 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the DisplacementMapFilter object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554… | |||
| CVE-2015-8447 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the Color object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe… | |||
| CVE-2015-8446 | critical | — | 9.3 | 11y ago | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK… | |||
| CVE-2015-8445 | critical | — | 9.3 | 11y ago | Integer overflow in the Shader filter implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before… | |||
| CVE-2015-8442 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |||
| CVE-2015-8439 | critical | — | 9.3 | 11y ago | The SharedObject object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, A… | |||
| CVE-2015-8438 | critical | — | 9.3 | 11y ago | Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK… | |||
| CVE-2015-8437 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the Selection object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |||
| CVE-2015-8436 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the PrintJob object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Ad… | |||
| CVE-2015-8058 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8050 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the MovieClip object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |||
| CVE-2015-8049 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, A… | |||
| CVE-2015-6177 | critical | — | 9.3 | 11y ago | Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulne… | |||
| CVE-2015-6172 | critical | — | 9.3 | 11y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2016, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted e… | |||
| CVE-2015-6166 | critical | — | 9.3 | 11y ago | Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read or write access) via unspecified open and close requests… | |||
| CVE-2015-6162 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-6160 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-6159 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2015-6158 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2015-6156 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-6155 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows… | |||
| CVE-2015-6154 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2015-6153 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2015-6151 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2015-6150 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2015-6149 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |||
| CVE-2015-6148 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br… | |||
| CVE-2015-6147 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |||
| CVE-2015-6146 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |||
| CVE-2015-6145 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption… | |||
| CVE-2015-6143 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln… | |||
| CVE-2015-6142 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2015-6141 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2015-6140 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo… | |||
| CVE-2015-6139 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft… | |||
| CVE-2015-6136 | critical | — | 9.3 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafte… | |||
| CVE-2015-6134 | critical | — | 9.3 | 11y ago | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulne… | |||
| CVE-2015-6130 | critical | — | 9.3 | 11y ago | Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerabi… | |||
| CVE-2015-6125 | critical | — | 9.3 | 11y ago | Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka … | |||
| CVE-2015-6124 | critical | — | 9.3 | 11y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office docum… | |||
| CVE-2015-6122 | critical | — | 9.3 | 11y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Micr… | |||
| CVE-2015-6118 | critical | — | 9.3 | 11y ago | Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2015-6108 | critical | — | 9.3 | 11y ago | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT Gold and 8.1; Office 20… | |||
| CVE-2015-6107 | critical | — | 9.3 | 11y ago | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 1… |