CVEs from 2015
Total
7,261
critical
critical 1,307
high
high 1,666
medium
medium 3,616
low
low 554
% Critical
18.0%
% with KEV
0.6%
% with exploit
10.1%
Top vendors
Top products
- firefox 4,609
- flash_player 3,392
- php 1,526
- moodle 1,087
- acrobat 878
- acrobat_reader 878
- safari 736
- internet_explorer 712
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-3934 | critical | 9.8 | 10.0 | 9y ago | Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/app_article/controller/rating.php or (2) user pa… | |||
| CVE-2015-3933 | critical | 9.8 | 10.0 | 9y ago | MetalGenix GeniXCMS vulnerable to SQL Injection | |||
| CVE-2015-2780 | critical | 9.8 | 10.0 | 9y ago | Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct re… | |||
| CVE-2015-2147 | critical | 9.8 | 10.0 | 9y ago | Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker before 1.7.0 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. | |||
| CVE-2015-8249 | critical | 9.8 | 10.0 | 9y ago | The FileUploadServlet class in ManageEngine Desktop Central 9 before build 91093 allows remote attackers to upload and execute arbitrary files via the ConnectionId parameter. | |||
| CVE-2015-4667 | critical | 9.8 | 10.0 | 9y ago | Multiple hardcoded credentials in Xsuite 2.x. | |||
| CVE-2015-4073 | critical | 9.8 | 10.0 | 9y ago | Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (… | |||
| CVE-2015-4683 | critical | 9.8 | 10.0 | 9y ago | Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows attackers to obtain sensitive information and potentially gain privileges by leveraging use of session identifiers as parameters wit… | |||
| CVE-2015-8351 | critical | 9.0 | 10.0 | 9y ago | PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code v… | |||
| CVE-2015-4523 | critical | 9.3 | 10.0 | 9y ago | Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware Analyzer G2 allow remote attackers to bypass a virtual machine protection mechanism and consequently write to arbitrary files, caus… | |||
| CVE-2015-3313 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in WordPress Community Events plugin before 1.4. | |||
| CVE-2015-7241 | critical | 9.8 | 10.0 | 9y ago | XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. | |||
| CVE-2015-8352 | critical | 9.8 | 10.0 | 9y ago | Directory traversal vulnerability in Zen Cart 1.5.4 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the act parameter to ajax.php. | |||
| CVE-2015-2857 | critical | 9.8 | 10.0 | 9y ago | Accellion File Transfer Appliance before FTA_9_11_210 allows remote attackers to execute arbitrary code via shell metacharacters in the oauth_token parameter. | |||
| CVE-2015-7871 | critical | 9.8 | 10.0 | 9y ago | Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to bypass authentication. | |||
| CVE-2015-2798 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||
| CVE-2015-2279 | critical | 9.8 | 10.0 | 9y ago | cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters aft… | |||
| CVE-2015-9098 | critical | 9.8 | 10.0 | 9y ago | In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitor… | |||
| CVE-2015-2692 | critical | 10.0 | 10.0 | 9y ago | AdBlock before 2.21 allows remote attackers to block arbitrary resources on arbitrary websites and to disable arbitrary blocking filters. | |||
| CVE-2015-7346 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in ZCMS 1.1. | |||
| CVE-2015-0936 | critical | 9.8 | 10.0 | 9y ago | Ceragon FibeAir IP-10 have a default SSH public key in the authorized_keys file for the mateidu user, which allows remote attackers to obtain SSH access by leveraging knowledge of the private key. | |||
| CVE-2015-4455 | critical | 9.8 | 10.0 | 9y ago | Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by up… | |||
| CVE-2015-7568 | critical | 9.8 | 10.0 | 9y ago | SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter. | |||
| CVE-2015-7247 | critical | 9.8 | 10.0 | 9y ago | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration… | |||
| CVE-2015-7246 | critical | 9.8 | 10.0 | 9y ago | D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obt… | |||
| CVE-2015-8282 | critical | 9.8 | 10.0 | 9y ago | SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account. | |||
| CVE-2015-7564 | critical | 9.8 | 10.0 | 9y ago | TeamPass vulnerable to SQL Injection | |||
| CVE-2015-8556 | critical | 10.0 | 10.0 | 9y ago | Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1. | |||
| CVE-2015-6024 | critical | 9.8 | 10.0 | 9y ago | ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in… | |||
| CVE-2015-2794 | critical | 9.8 | 10.0 | 9y ago | The installation wizard in DotNetNuke (DNN) allows privilege escalation | |||
| CVE-2015-8974 | critical | 10.0 | 10.0 | 10y ago | SQL injection vulnerability in the Group Promotions module in the admin control panel in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and MyBB Merge System before 1.8.6 allows remo… | |||
| CVE-2015-4594 | critical | 9.8 | 10.0 | 10y ago | eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an exist… | |||
| CVE-2015-6835 | critical | 9.8 | 10.0 | 10y ago | The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or ca… | |||
| CVE-2015-6834 | critical | 9.8 | 10.0 | 10y ago | Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable… | |||
| CVE-2015-7425 | critical | 10.0 | 10.0 | 10y ago | The Data Protection component in the VMware vSphere GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.3 before 6… | |||
| CVE-2015-8747 | critical | 10.0 | 10.0 | 11y ago | The multifilesystem storage backend in Radicale before 1.1 allows remote attackers to read or write to arbitrary files via a crafted component name. | |||
| CVE-2015-6015 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-6014 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-6013 | critical | — | 10.0 | 11y ago | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Ou… | |||
| CVE-2015-8617 | critical | 9.8 | 10.0 | 11y ago | Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a … | |||
| CVE-2015-8396 | critical | 10.0 | 10.0 | 11y ago | Integer overflow in the ImageRegionReader::ReadIntoBuffer function in MediaStorageAndFileFormat/gdcmImageRegionReader.cxx in Grassroots DICOM (aka GDCM) before 2.6.2 allows attackers to execute arbit… | |||
| CVE-2015-8659 | critical | 10.0 | 10.0 | 11y ago | The idle stream handling in nghttp2 before 1.6.0 allows attackers to have unspecified impact via unknown vectors, aka a heap-use-after-free bug. | |||
| CVE-2015-8261 | critical | 9.8 | 10.0 | 11y ago | The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks vi… | |||
| CVE-2015-7541 | critical | 10.0 | 10.0 | 11y ago | colorscore Command Injection vulnerability | |||
| CVE-2015-7426 | critical | 10.0 | 10.0 | 11y ago | The Data Protection extension in the VMware GUI in IBM Tivoli Storage Manager for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 7.1 before 7.1.3.0 a… | |||
| CVE-2015-6018 | critical | 9.8 | 10.0 | 11y ago | The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter. | |||
| CVE-2015-5995 | critical | 9.8 | 10.0 | 11y ago | Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Coo… | |||
| CVE-2015-7251 | critical | 9.8 | 10.0 | 11y ago | ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a hardcoded password of root for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | |||
| CVE-2015-8459 | critical | 10.0 | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe … | |||
| CVE-2015-7930 | critical | 10.0 | 10.0 | 11y ago | Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded credentials, which allows remote attackers to obtain administrative access via unspecified vectors. | |||
| CVE-2015-8267 | critical | 10.0 | 10.0 | 11y ago | The PasswordReset.Controllers.ResetController.ChangePasswordIndex method in PasswordReset.dll in Dovestones AD Self Password Reset before 3.0.4.0 allows remote attackers to reset arbitrary passwords … | |||
| CVE-2015-7937 | critical | — | 10.0 | 11y ago | Stack-based buffer overflow in the GoAhead Web Server on Schneider Electric Modicon M340 PLC BMXNOx and BMXPx devices allows remote attackers to execute arbitrary code via a long password in HTTP Bas… | |||
| CVE-2015-7919 | critical | 10.0 | 10.0 | 11y ago | SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the config file, and consequently cause a denial of service (application crash), via unspecified vectors. | |||
| CVE-2015-7906 | critical | — | 10.0 | 11y ago | LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices allow remote attackers to read a password-hash backup file via unspecified vectors. | |||
| CVE-2015-8358 | critical | — | 10.0 | 11y ago | Directory traversal vulnerability in the bitrix.mpbuilder module before 1.0.12 for Bitrix allows remote administrators to include and execute arbitrary local files via a .. (dot dot) in the element n… | |||
| CVE-2015-7221 | critical | — | 10.0 | 11y ago | Buffer overflow in the nsDeque::GrowCapacity function in xpcom/glue/nsDeque.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified o… | |||
| CVE-2015-7220 | critical | — | 10.0 | 11y ago | Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or possibly have unspecified other impact… | |||
| CVE-2015-7205 | critical | — | 10.0 | 11y ago | Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 might allow remote attackers to obtain sensitive information, cause … | |||
| CVE-2015-7203 | critical | — | 10.0 | 11y ago | Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData function in gfx/thebes/gfxDWriteFontList.cpp in Mozilla Firefox before 43.0 might allow remote attackers to cause a denial of service or… | |||
| CVE-2015-7202 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2015-7201 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2015-8548 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.80, allow attackers to cause a denial of service or possibly have other impact via unknow… | |||
| CVE-2015-6791 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.80 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2015-6788 | critical | — | 10.0 | 11y ago | The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, wh… | |||
| CVE-2015-7113 | critical | — | 10.0 | 11y ago | The LaunchServices component in Apple iOS before 9.2 and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a m… | |||
| CVE-2015-7112 | critical | — | 10.0 | 11y ago | The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and watchOS before 2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of servi… | |||
| CVE-2015-7082 | critical | — | 10.0 | 11y ago | Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases. | |||
| CVE-2015-7071 | critical | — | 10.0 | 11y ago | The File Bookmark component in Apple OS X before 10.11.2 allows attackers to bypass a sandbox protection mechanism for app scoped bookmarks via a crafted pathname. | |||
| CVE-2015-8457 | critical | — | 10.0 | 11y ago | Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SD… | |||
| CVE-2015-8455 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8454 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8452 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8451 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8444 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8443 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8441 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8440 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8435 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8434 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8433 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8432 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8431 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8430 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8429 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8428 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8427 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8426 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8425 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8424 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8423 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8422 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8421 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8420 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8419 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8418 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8417 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8416 | critical | — | 10.0 | 11y ago | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe … | |||
| CVE-2015-8415 | critical | — | 10.0 | 11y ago | Buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.… | |||
| CVE-2015-8414 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… | |||
| CVE-2015-8413 | critical | — | 10.0 | 11y ago | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR S… |