Skip to main content
CVE-2015-3078 CRITICAL PATCH Act Now

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
4.7%
CVE-2015-3074 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3072 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3071 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3069 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3068 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3067 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3066 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3065 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3064 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3063 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3062 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3061 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3060 CRITICAL PATCH Act Now

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to bypass intended restrictions on JavaScript API execution via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Adobe Authentication Bypass Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3059 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3054 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe RCE Microsoft Acrobat Mac Os X +2
NVD
CVSS 2.0
10.0
EPSS
3.6%
CVE-2015-3053 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +4
NVD
CVSS 2.0
10.0
EPSS
3.1%
CVE-2015-1700 MEDIUM This Month

Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. Epss exploitation probability 20.2% and no vendor patch available.

RCE Microsoft Sharepoint Foundation Sharepoint Server
NVD
CVSS 2.0
6.0
EPSS
20.2%
CVE-2015-3081 MEDIUM POC PATCH This Month

Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

Adobe Race Condition Authentication Bypass Microsoft Flash Player +3
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
5.9%
CVE-2015-1692 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 allows user-assisted remote attackers to read the clipboard contents via crafted web script, aka "Internet Explorer Clipboard Information Disclosure. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 24.7% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
24.7%
CVE-2015-1713 MEDIUM This Month

Microsoft Internet Explorer 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.0% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
11.0%
CVE-2015-1704 MEDIUM This Month

Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.0% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
11.0%
CVE-2015-1703 MEDIUM This Month

Microsoft Internet Explorer 6 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability," a different vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.0% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
11.0%
CVE-2015-1688 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 11.0% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
11.0%
CVE-2015-1685 MEDIUM This Month

Microsoft Internet Explorer 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 23.4% and no vendor patch available.

Privilege Escalation Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
23.4%
CVE-2015-1674 MEDIUM POC PATCH This Month

The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. Public exploit code available.

Authentication Bypass Microsoft Windows 8 Windows 8 1 Windows Rt +2
NVD Exploit-DB
CVSS 2.0
4.6
EPSS
0.9%
CVE-2015-1716 MEDIUM PATCH This Month

Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.4%.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
5.0
EPSS
18.4%
CVE-2015-1672 MEDIUM This Month

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 allows remote attackers to cause a denial of service (recursion and performance degradation) via crafted encrypted data in an. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 16.2% and no vendor patch available.

Denial Of Service Microsoft Net Framework
NVD
CVSS 2.0
5.0
EPSS
16.2%
CVE-2015-1702 MEDIUM PATCH This Month

The Service Control Manager (SCM) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2,. Rated medium severity (CVSS 6.9).

Privilege Escalation Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD
CVSS 2.0
6.9
EPSS
5.5%
CVE-2015-3055 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +4
NVD
CVSS 2.0
7.5
EPSS
2.0%
CVE-2015-3085 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

Adobe Privilege Escalation Microsoft Air Air Sdk +2
NVD
CVSS 2.0
6.4
EPSS
6.0%
CVE-2015-1686 MEDIUM This Month

The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.1% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer Vbscript
NVD
CVSS 2.0
4.3
EPSS
13.1%
CVE-2015-1684 MEDIUM This Month

VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used in Internet Explorer 8 through 11 and other products, allows remote attackers to bypass the ASLR protection mechanism via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 13.1% and no vendor patch available.

Information Disclosure Microsoft Vbscript Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
13.1%
CVE-2015-1680 LOW POC PATCH Monitor

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
2.5%
CVE-2015-1678 LOW POC PATCH Monitor

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
2.5%
CVE-2015-1677 LOW POC PATCH Monitor

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
2.5%
CVE-2015-1676 LOW POC PATCH Monitor

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
2.5%
CVE-2015-1679 LOW POC PATCH Monitor

The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +6
NVD Exploit-DB
CVSS 2.0
2.1
EPSS
2.4%
CVE-2015-3058 MEDIUM PATCH This Month

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to obtain sensitive information from process memory via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
5.0
EPSS
5.7%
CVE-2015-3047 MEDIUM PATCH This Month

Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow attackers to cause a denial of service (NULL pointer dereference) via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Denial Of Service Microsoft Acrobat Reader Mac Os X +2
NVD
CVSS 2.0
5.0
EPSS
4.3%
CVE-2015-1670 MEDIUM This Month

The Windows DirectWrite library, as used in Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2, allows remote attackers to obtain sensitive information from process memory via a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 2.0
4.3
EPSS
4.5%
CVE-2015-3079 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Adobe Privilege Escalation Microsoft Flash Player Air +2
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2015-3092 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Flash Player Air +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-3091 MEDIUM PATCH This Month

Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Microsoft Flash Player Air +2
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-1681 LOW PATCH Monitor

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to cause a. Rated low severity (CVSS 1.9). This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service Buffer Overflow Microsoft Windows 7 Windows 8 +6
NVD
CVSS 2.0
1.9
EPSS
1.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy