CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat_reader 878
- acrobat 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-7626 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &… | |||
| CVE-2015-7625 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &… | |||
| CVE-2015-7622 | critical | — | 10.0 | 11y ago | Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 o… | |||
| CVE-2015-6691 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-6687 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-6684 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-6683 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-5586 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Co… | |||
| CVE-2015-5569 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on Windows and OS X and before 11.2.202.535 on Linux, Adobe AIR before 19.0.0.213, Adobe AIR SDK before 19.0.0.213, and Adobe AIR SDK &… | |||
| CVE-2015-2482 | critical | — | 10.0 | 11y ago | The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code or cause a d… | |||
| CVE-2015-2342 | critical | — | 10.0 | 11y ago | The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitr… | |||
| CVE-2015-7766 | critical | — | 10.0 | 11y ago | PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and earlier allows remote administrators to bypass SQL query restrictions via a comment in the query to api/json/admin/SubmitQuery, as … | |||
| CVE-2015-7765 | critical | — | 10.0 | 11y ago | ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a hardcoded password of "plugin" for the IntegrationUser account, which allows remote authenticated users to obtain administrator access … | |||
| CVE-2015-5922 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors. | |||
| CVE-2015-5887 | critical | — | 10.0 | 11y ago | The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, … | |||
| CVE-2015-5780 | critical | — | 10.0 | 11y ago | The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors. | |||
| CVE-2015-7716 | critical | — | 10.0 | 11y ago | libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 2072105… | |||
| CVE-2015-6604 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23129786. | |||
| CVE-2015-6603 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23227354. | |||
| CVE-2015-6601 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22935234. | |||
| CVE-2015-6600 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22882938. | |||
| CVE-2015-6599 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23416608. | |||
| CVE-2015-6598 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23306638. | |||
| CVE-2015-3877 | critical | — | 10.0 | 11y ago | Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20723696. | |||
| CVE-2015-3875 | critical | — | 10.0 | 11y ago | libutils in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted audio file, aka internal bug 22952485. | |||
| CVE-2015-3874 | critical | — | 10.0 | 11y ago | The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 233… | |||
| CVE-2015-3873 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, … | |||
| CVE-2015-3872 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. | |||
| CVE-2015-3871 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. | |||
| CVE-2015-3870 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. | |||
| CVE-2015-3869 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. | |||
| CVE-2015-3868 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. | |||
| CVE-2015-3867 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. | |||
| CVE-2015-3823 | critical | — | 10.0 | 11y ago | libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. | |||
| CVE-2015-0987 | critical | 10.0 | 10.0 | 11y ago | Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, and CJ2H PLC devices before 1.5 rely on cleartext password transmission, which allows remote attackers to obtain sensitive informat… | |||
| CVE-2015-7709 | critical | — | 10.0 | 11y ago | The arkeiad daemon in the Arkeia Backup Agent in Western Digital Arkeia 11.0.12 and earlier allows remote attackers to bypass authentication and execute arbitrary commands via a series of crafted req… | |||
| CVE-2015-6575 | critical | — | 10.0 | 11y ago | SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly consider integer promotion, which allows remote attackers to execute arbitrary code or cause a denial of service (in… | |||
| CVE-2015-3864 | critical | — | 10.0 | 11y ago | Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code vi… | |||
| CVE-2015-3836 | critical | — | 10.0 | 11y ago | The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows rem… | |||
| CVE-2015-3834 | critical | — | 10.0 | 11y ago | Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted appl… | |||
| CVE-2015-3832 | critical | — | 10.0 | 11y ago | Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka… | |||
| CVE-2015-3829 | critical | — | 10.0 | 11y ago | Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial … | |||
| CVE-2015-3828 | critical | — | 10.0 | 11y ago | The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (… | |||
| CVE-2015-3824 | critical | — | 10.0 | 11y ago | The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbit… | |||
| CVE-2015-1539 | critical | — | 10.0 | 11y ago | Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atom… | |||
| CVE-2015-1538 | critical | — | 10.0 | 11y ago | Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted … | |||
| CVE-2015-5957 | critical | — | 10.0 | 11y ago | Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. | |||
| CVE-2015-5082 | critical | — | 10.0 | 11y ago | Endian Firewall before 3.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) NEW_PASSWORD_1 or (2) NEW_PASSWORD_2 parameter to cgi-bin/chpasswd.cgi. | |||
| CVE-2015-6682 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before… | |||
| CVE-2015-6678 | critical | — | 10.0 | 11y ago | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, … | |||
| CVE-2015-6677 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-6676 | critical | — | 10.0 | 11y ago | Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, … | |||
| CVE-2015-5588 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5587 | critical | — | 10.0 | 11y ago | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before … | |||
| CVE-2015-5584 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before… | |||
| CVE-2015-5582 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5581 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before… | |||
| CVE-2015-5580 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5579 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5578 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5577 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5575 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5574 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before… | |||
| CVE-2015-5573 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5570 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before… | |||
| CVE-2015-5568 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-5567 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &… | |||
| CVE-2015-7303 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in the Update Manager service in Avira Management Console allows remote attackers to execute arbitrary code via a large header. | |||
| CVE-2015-6459 | critical | — | 10.0 | 11y ago | Absolute path traversal vulnerability in the download feature in FileDownloadServlet in GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before 3.1.5 allows remote attackers to read or dele… | |||
| CVE-2015-5911 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in Twisted in Wiki Server in Apple OS X Server before 5.0.3 allow attackers to have an unknown impact via an XML document. | |||
| CVE-2015-5903 | critical | — | 10.0 | 11y ago | The kernel in Apple iOS before 9 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5868 and CVE-2… | |||
| CVE-2015-5895 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as used in Apple iOS before 9, have unknown impact and attack vectors. | |||
| CVE-2015-5538 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build 132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e … | |||
| CVE-2015-5998 | critical | — | 10.0 | 11y ago | Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASSWORD string for authentication, which allows remote attackers to execute arbitrary programs via an encrypted command. | |||
| CVE-2015-6912 | critical | — | 10.0 | 11y ago | Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi. | |||
| CVE-2015-3964 | critical | — | 10.0 | 11y ago | SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier for remote attackers to obtain access via unspecified vectors. | |||
| CVE-2015-6681 | critical | — | 10.0 | 11y ago | Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6… | |||
| CVE-2015-6680 | critical | — | 10.0 | 11y ago | Adobe Shockwave Player before 12.2.0.162 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6… | |||
| CVE-2015-2523 | critical | — | 10.0 | 11y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary c… | |||
| CVE-2015-2521 | critical | — | 10.0 | 11y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory … | |||
| CVE-2015-2520 | critical | — | 10.0 | 11y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, … | |||
| CVE-2015-2510 | critical | — | 10.0 | 11y ago | Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2… | |||
| CVE-2015-2509 | critical | — | 10.0 | 11y ago | Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Media Center link (mcl) fi… | |||
| CVE-2015-2135 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in HP Intelligent Provisioning 1.00 through 1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2015-4497 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by le… | |||
| CVE-2015-1171 | critical | — | 10.0 | 11y ago | Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file. | |||
| CVE-2015-5566 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR … | |||
| CVE-2015-2137 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute arbitrary code via unknown vectors. | |||
| CVE-2015-5784 | critical | — | 10.0 | 11y ago | runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged … | |||
| CVE-2015-5754 | critical | — | 10.0 | 11y ago | Race condition in runner in Install.framework in the Install Framework Legacy component in Apple OS X before 10.10.5 allows attackers to execute arbitrary code in a privileged context via a crafted a… | |||
| CVE-2015-4486 | critical | — | 10.0 | 11y ago | The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds… | |||
| CVE-2015-4485 | critical | — | 10.0 | 11y ago | Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malfo… | |||
| CVE-2015-4479 | critical | — | 10.0 | 11y ago | Multiple integer overflows in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to execute arbitrary code via a crafted saio chunk in MPEG-4 video … | |||
| CVE-2015-4477 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in the MediaStream playback feature in Mozilla Firefox before 40.0 allows remote attackers to execute arbitrary code via unspecified use of the Web Audio API. | |||
| CVE-2015-4474 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-4473 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2015-2470 | critical | — | 10.0 | 11y ago | Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a craf… | |||
| CVE-2015-2469 | critical | — | 10.0 | 11y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulne… | |||
| CVE-2015-2468 | critical | — | 10.0 | 11y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Service… | |||
| CVE-2015-2467 | critical | — | 10.0 | 11y ago | Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability." |